Jeremy created NIFI-15262:
-----------------------------
Summary: StandardOauth2AccessTokenProvider requires any value to
be entered for the client secret when the user password grant type option is
selected
Key: NIFI-15262
URL: https://issues.apache.org/jira/browse/NIFI-15262
Project: Apache NiFi
Issue Type: Improvement
Components: Configuration
Affects Versions: 2.6.0
Environment: Using the Docker image from DockerHub and authenticating
against Keycloak v22.0.5
Reporter: Jeremy
1. When configuring the authorization details for the
StandardOauth2AccessTokenProvider you are required to enter any value (a zero
for example) in the "Client secret" setting when the "Grant Type" chosen is
"User Password", but that is not required.
This setting for the client secret is actually ignored during the
authentication because only the client id, user, and password are necessary
when the grant type is "User Password". The setup can be rather confusing when
you are required to put something in this field due to the UI enforcing it.
For example, I initially thought that I had to use a real secret from Keycloak
to make this work by changing the Keycloak client config so that I would have a
secret handy for this configuration but it is in fact not required at all and
any value entered would have worked to complete the service configuration.
Other settings for the "Grant Type" work, but this probably can be double-checked
for the mapping of valid settings being enforced based on this selected setting.
2. Also, please fix the 's' in secret to be uppercase ('Client secret' to
'Client Secret') to match the other settings.