[ https://issues.apache.org/jira/browse/KAFKA-16345?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nelson B. reassigned KAFKA-16345: --------------------------------- Assignee: Nelson B. > Optionally allow urlencoding clientId and clientSecret in authorization header > ------------------------------------------------------------------------------ > > Key: KAFKA-16345 > URL: https://issues.apache.org/jira/browse/KAFKA-16345 > Project: Kafka > Issue Type: Bug > Reporter: Nelson B. > Assignee: Nelson B. > Priority: Minor > > When a client communicates with OIDC provider to retrieve an access token > RFC-6749 says that clientID and clientSecret must be urlencoded in the > authorization header. (see > [https://tools.ietf.org/html/rfc6749#section-2.3.1)] However, it seems that > in practice some OIDC providers do not enforce this, so I was thinking about > introducing a new configuration parameter that will optionally urlencode > clientId & clientSecret in the authorization header. -- This message was sent by Atlassian Jira (v8.20.10#820010)