[
https://issues.apache.org/jira/browse/KNOX-3016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17825846#comment-17825846
]
ASF subversion and git services commented on KNOX-3016:
-------------------------------------------------------
Commit 8f38723bb6b8111eb93b01697e89dd98fb6f59f2 in knox's branch
refs/heads/master from Larry McCay
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=8f38723bb ]
KNOX-3016 - add support for client credentials flow (#876)
* KNOX-3016 - add support for client credentials flow
> Add Support for Client Credentials Flow with KnoxTokens
> -------------------------------------------------------
>
> Key: KNOX-3016
> URL: https://issues.apache.org/jira/browse/KNOX-3016
> Project: Apache Knox
> Issue Type: Bug
> Components: JWT
> Reporter: Larry McCay
> Assignee: Larry McCay
> Priority: Major
> Fix For: 2.1.0
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> Adding support for integrations to Knox proxied services and APIs via OAuth
> style cllient credentials flow. This allows an integration that is provided a
> CLIENT_ID and CLIENT_SECRET to authenticate to Knox and directly access
> proxied services with those or exchange those credentials for short lived JWT
> based access, id and refresh tokens.
> This change introduces only the acceptance of the Knox TokenID and Passcode
> tokens as CLIENT_ID and CLIENT_SECRET in a standard OAuth 2.0 client
> credentials flow request body. This body will contain the following params:
> 1. grant_type and it will be "client_credentials"
> 2. client_id which will be the KnoxToken tokenId or KnoxID
> 3. client_secret which will be the passcode token for which we store the hash
> Authentication using this flow will result in the effective user being what
> is provided as the CLIENT_ID.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
