[jira] [Commented] (NIFI-4246) OAuth 2 Authorization support - Client Credentials Grant

Mon, 12 Nov 2018 07:36:35 -0800 


    [ 
https://issues.apache.org/jira/browse/NIFI-4246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16683949#comment-16683949
 ] 

ASF GitHub Bot commented on NIFI-4246:
--------------------------------------

Github user markAcomm commented on the issue:

    https://github.com/apache/nifi/pull/2901
  
    @jasonrogena,
    
    Thanks for moving this forward. Good to see this PR is keeping up with 1.8
    
    I noticed a small bug. In AbstractOAuthControllerService.java the property 
names look like they have a cut-and-paste error. Look for multiple properties 
with the line: 
    .Builder().name("JSON_response_access_token_name")
     
    At lines 91, 103 and 114. I am pretty sure those need different names. 
     
    Also, kudos for adding the scope property as this is pretty critical to 
using this against Google APIs. I am not sure how all OAuth services work when 
accepting scope, but in the case of Google, would it be best to use the new 
StandardValidators.URI_LIST_VALIDATOR ?



> OAuth 2 Authorization support - Client Credentials Grant
> --------------------------------------------------------
>
>                 Key: NIFI-4246
>                 URL: https://issues.apache.org/jira/browse/NIFI-4246
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Jeremy Dyer
>            Assignee: Jeremy Dyer
>            Priority: Major
>
> If your interacting with REST endpoints on the web chances are you are going 
> to run into an OAuth2 secured webservice. The IETF (Internet Engineering Task 
> Force) defines 4 methods in which OAuth2 authorization can occur. This JIRA 
> is focused solely on the Client Credentials Grant method defined at 
> https://tools.ietf.org/html/rfc6749#section-4.4
> This implementation should provide a ControllerService in which the enduser 
> can configure the credentials for obtaining the authorization grant (access 
> token) from the resource owner. In turn a new property will be added to the 
> InvokeHTTP processor (if it doesn't already exist from one of the other JIRA 
> efforts similar to this one) where the processor can reference this 
> controller service to obtain the access token and insert the appropriate HTTP 
> header (Authorization: Bearer{access_token}) so that the InvokeHTTP processor 
> can interact with the OAuth protected resources without having to worry about 
> setting up the credentials for each InvokeHTTP processor saving time and 
> complexity.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to