Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2085#discussion_r174656145 --- Diff: nifi-nar-bundles/nifi-oauth-bundle/nifi-oauth/src/main/java/org/apache/nifi/oauth/OAuth2ClientCredentialsGrantControllerService.java --- 
@@ -0,0 +1,167 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * <p> + * http://www.apache.org/licenses/LICENSE-2.0 + * <p> + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * <p> + * Created on 7/25/17. + */ + +package org.apache.nifi.oauth; + +import java.util.ArrayList; +import java.util.Base64; +import java.util.Collections; +import java.util.Iterator; +import java.util.List; + +import org.apache.nifi.annotation.documentation.CapabilityDescription; +import org.apache.nifi.annotation.documentation.Tags; +import org.apache.nifi.annotation.lifecycle.OnDisabled; +import org.apache.nifi.annotation.lifecycle.OnEnabled; +import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.controller.ConfigurationContext; +import org.apache.nifi.oauth.httpclient.OAuthHTTPConnectionClient; +import org.apache.nifi.processor.util.StandardValidators; +import org.apache.nifi.reporting.InitializationException; +import org.apache.oltu.oauth2.client.HttpClient; +import org.apache.oltu.oauth2.client.request.OAuthClientRequest; +import org.apache.oltu.oauth2.common.exception.OAuthProblemException; +import org.apache.oltu.oauth2.common.exception.OAuthSystemException; +import org.apache.oltu.oauth2.common.message.types.GrantType; + +@Tags({ "oauth2", "client", "secret", "post"}) +@CapabilityDescription("POSTs the ClientId 
and ClientSecret to the OAuth2 authentication server to retrieve the" + + " access token. The access token is stored locally in the controller service and used by processors " + + "referencing this controller service.") +public class OAuth2ClientCredentialsGrantControllerService + extends AbstractOAuthControllerService + implements OAuth2ClientService { + + public static final PropertyDescriptor CLIENT_ID = new PropertyDescriptor + .Builder().name("OAuth2 Client ID") + .displayName("OAuth2 Client ID") + .description("OAuth2 Client ID passed to the authorization server") + .required(true) + .addValidator(StandardValidators.NON_EMPTY_VALIDATOR) + .build(); + + public static final PropertyDescriptor CLIENT_SECRET = new PropertyDescriptor + .Builder().name("OAuth2 Client Secret") + .displayName("OAuth2 Client Secret") + .description("OAuth2 Client Secret that will be passed to the authorization server in exchange for an access token") + .sensitive(true) + .required(true) + .addValidator(StandardValidators.NON_EMPTY_VALIDATOR) + .build(); + + private static final List<PropertyDescriptor> properties; + + static { + final List<PropertyDescriptor> props = new ArrayList<>(); + props.add(AUTH_SERVER_URL); + props.add(CLIENT_ID); + props.add(CLIENT_SECRET); + props.add(RESPONSE_ACCESS_TOKEN_FIELD_NAME); + props.add(RESPONSE_EXPIRE_TIME_FIELD_NAME); + props.add(RESPONSE_EXPIRE_IN_FIELD_NAME); + props.add(RESPONSE_SCOPE_FIELD_NAME); + props.add(RESPONSE_TOKEN_TYPE_FIELD_NAME); + properties = Collections.unmodifiableList(props); + } + + @Override + protected List<PropertyDescriptor> getSupportedPropertyDescriptors() { + return properties; + } + + private String clientId = null; + private String clientSecret = null; + private Base64.Encoder enc = Base64.getEncoder(); + + /** + * @param context the configuration context + * @throws InitializationException if unable to create a database connection + */ + @OnEnabled + public void onEnabled(final ConfigurationContext context) throws 
InitializationException { + + super.onEnabled(context); + + clientId = context.getProperty(CLIENT_ID).getValue(); + clientSecret = context.getProperty(CLIENT_SECRET).getValue(); + } + + public boolean authenticate() { + HttpClient con = null; + + try { + + String base64String = enc.encodeToString((clientId + ":" + clientSecret).getBytes()); --- End diff -- Why create the Base64 encoded header as well as put the client ID and client secret in the request querystring? According to [OAuth.com :: Client Credentials](https://www.oauth.com/oauth2-servers/access-tokens/client-credentials/), the OAuth server will accept one or the other. Is there a way to know in advance which method is supported, and if both are supported, only one is necessary, correct?
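Review bot: `(clientId + ":" + clientSecret).getBytes()` in `authenticate()` uses the JVM default charset, so the Basic credential bytes depend on host settings and a secret with non-ASCII characters may not encode the way the authorization server expects; it should read `.getBytes(StandardCharsets.UTF_8)`, with a `java.nio.charset.StandardCharsets` import. RFC 6749 section 2.3.1 also has the client ID and secret form-urlencoded before they are joined with `:`, which matters when either value contains `:` or reserved characters; nothing in the visible lines does that. Separately, the `onEnabled` Javadoc says `if unable to create a database connection`, which looks copied from another service; `@throws InitializationException if the service cannot be enabled` would fit this class. The body of `authenticate()` continues past the quoted hunk, so how `base64String` is used is not visible here.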
---