[
https://issues.apache.org/jira/browse/NIFI-4246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16399354#comment-16399354
]
ASF GitHub Bot commented on NIFI-4246:
--------------------------------------
Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/2085
There are merge conflicts in `InvokeHTTP` and in a number of the poms. I
believe I have resolved all of these
[6a80063313f9c8e03a1f42ae84813cabd5fc8349](https://github.com/alopresto/nifi/commit/6a80063313f9c8e03a1f42ae84813cabd5fc8349).
There are also the following issues:
* It looks like somehow an empty file was added at
`nifi/nifi-nar-bundles/nifi-update-attribute-bundle/nifi-update-attribute-ui/src/main/webapp/WEB-INF/jsp/authorize.jsp`.
I only noticed this because it failed the RAT check. I imagine this can be
deleted?
* An unused field remains in `AbstractOAuthControllerService`: `protected
long expireTimeSafetyNetSeconds = -1;`
* `OAuth2ClientCredentialsGrantControllerService.CLIENT_ID` and
`OAuth2ClientCredentialsGrantControllerService.CLIENT_SECRET` don't support
expression language (with the variable registry and NiFi Registry, these values
will likely be populated externally)
* The exception handling in
`OAuth2ClientCredentialsGrantControllerService#authenticate` can be condensed
* There are no unit or integration tests. I understand a real integration
test with an external service is difficult, but unit tests for
`OAuth2ClientCredentialsGrantControllerService#authenticate()` (via mocking
`OAuthHTTPConnectionClient#execute()`) and
`AbstractOAuthControllerService#isOAuthTokenExpired()` would be helpful
* There is no update to the User Guide or Admin Guide describing this
feature. At a minimum, the `InvokeHTTP` processor documentation should be
updated
I am in the process of configuring an external OAuth service to use with
this. Will have a final review once that evaluation is complete.
> OAuth 2 Authorization support - Client Credentials Grant
> --------------------------------------------------------
>
> Key: NIFI-4246
> URL: https://issues.apache.org/jira/browse/NIFI-4246
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Jeremy Dyer
> Assignee: Jeremy Dyer
> Priority: Major
>
> If your interacting with REST endpoints on the web chances are you are going
> to run into an OAuth2 secured webservice. The IETF (Internet Engineering Task
> Force) defines 4 methods in which OAuth2 authorization can occur. This JIRA
> is focused solely on the Client Credentials Grant method defined at
> https://tools.ietf.org/html/rfc6749#section-4.4
> This implementation should provide a ControllerService in which the enduser
> can configure the credentials for obtaining the authorization grant (access
> token) from the resource owner. In turn a new property will be added to the
> InvokeHTTP processor (if it doesn't already exist from one of the other JIRA
> efforts similar to this one) where the processor can reference this
> controller service to obtain the access token and insert the appropriate HTTP
> header (Authorization: Bearer{access_token}) so that the InvokeHTTP processor
> can interact with the OAuth protected resources without having to worry about
> setting up the credentials for each InvokeHTTP processor saving time and
> complexity.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
