[jira] [Assigned] (KAFKA-16345) Optionally allow urlencoding clientId and clientSecret in authorization header

Nelson B. (Jira) Tue, 05 Mar 2024 03:19:30 -0800


     [ 
https://issues.apache.org/jira/browse/KAFKA-16345?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Nelson B. reassigned KAFKA-16345:
---------------------------------

    Assignee: Nelson B.

> Optionally allow urlencoding clientId and clientSecret in authorization header
> ------------------------------------------------------------------------------
>
>                 Key: KAFKA-16345
>                 URL: https://issues.apache.org/jira/browse/KAFKA-16345
>             Project: Kafka
>          Issue Type: Bug
>            Reporter: Nelson B.
>            Assignee: Nelson B.
>            Priority: Minor
>
> When a client communicates with OIDC provider to retrieve an access token 
> RFC-6749 says that clientID and clientSecret must be urlencoded in the 
> authorization header. (see 
> [https://tools.ietf.org/html/rfc6749#section-2.3.1)] However, it seems that 
> in practice some OIDC providers do not enforce this, so I was thinking about 
> introducing a new configuration parameter that will optionally urlencode 
> clientId & clientSecret in the authorization header. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (KAFKA-16345) Optionally allow urlencoding clientId and clientSecret in authorization header

Reply via email to