[ https://issues.apache.org/jira/browse/KAFKA-16345?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nelson B. updated KAFKA-16345:
------------------------------
    Description: 
When a client communicates with an OIDC provider to retrieve an access token, 
RFC-6749 says that clientID and clientSecret must be urlencoded in the 
authorization header (see https://tools.ietf.org/html/rfc6749#section-2.3.1). 
However, it seems that in practice some OIDC providers do not enforce this, so 
I was thinking about introducing a new configuration parameter that will 
optionally urlencode clientId & clientSecret in the authorization header. 

 

Link to the KIP 
https://cwiki.apache.org/confluence/display/KAFKA/KIP-1025%3A+Optionally+URL-encode+clientID+and+clientSecret+in+authorization+header

  was: When a client communicates with an OIDC provider to retrieve an access token, 
RFC-6749 says that clientID and clientSecret must be urlencoded in the 
authorization header (see https://tools.ietf.org/html/rfc6749#section-2.3.1). 
However, it seems that in practice some OIDC providers do not enforce this, so 
I was thinking about introducing a new configuration parameter that will 
optionally urlencode clientId & clientSecret in the authorization header. 


> Optionally allow urlencoding clientId and clientSecret in authorization header
> ------------------------------------------------------------------------------
>
>                 Key: KAFKA-16345
>                 URL: https://issues.apache.org/jira/browse/KAFKA-16345
>             Project: Kafka
>          Issue Type: Bug
>            Reporter: Nelson B.
>            Assignee: Nelson B.
>            Priority: Minor
>
> When a client communicates with an OIDC provider to retrieve an access token, 
> RFC-6749 says that clientID and clientSecret must be urlencoded in the 
> authorization header (see 
> https://tools.ietf.org/html/rfc6749#section-2.3.1). However, it seems that 
> in practice some OIDC providers do not enforce this, so I was thinking about 
> introducing a new configuration parameter that will optionally urlencode 
> clientId & clientSecret in the authorization header. 
>  
> Link to the KIP 
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-1025%3A+Optionally+URL-encode+clientID+and+clientSecret+in+authorization+header



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
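
The interoperability problem described in this issue, as an added example (not code from Kafka or from the KIP): it builds the Basic authorization header with and without the RFC 6749 section 2.3.1 encoding and checks each against a modelled provider that does or does not decode. The `url_encode` switch, the function names and the sample credentials are assumptions constructed for illustration.

```python
import base64
from urllib.parse import quote_plus, unquote_plus


def basic_auth_header(client_id: str, client_secret: str, url_encode: bool) -> str:
    """Build the token-endpoint Authorization header value.

    url_encode is a hypothetical switch standing in for the proposed option.
    """
    if url_encode:
        # RFC 6749 section 2.3.1: form-urlencode each part before joining.
        client_id = quote_plus(client_id)
        client_secret = quote_plus(client_secret)
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def provider_parse(header: str, url_decode: bool) -> tuple[str, str]:
    """Model of a provider: split at the first colon, optionally form-decode."""
    scheme, _, b64 = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic authorization header")
    user, sep, password = base64.b64decode(b64).decode("utf-8").partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    if url_decode:
        user, password = unquote_plus(user), unquote_plus(password)
    return user, password


def interop_matrix(client_id: str, client_secret: str) -> dict:
    """For each (client encodes, provider decodes) pair: do credentials survive?"""
    return {
        (enc, dec): provider_parse(basic_auth_header(client_id, client_secret, enc), dec)
        == (client_id, client_secret)
        for enc in (False, True)
        for dec in (False, True)
    }


if __name__ == "__main__":
    # Constructed sample credentials; '+', '%' and ':' are the characters that matter.
    for cid, secret in [("kafka-client", "s3cretValue"), ("kafka-client", "p+ss%41:w d")]:
        print(cid, secret, interop_matrix(cid, secret))
```

Credentials made only of unreserved characters pass in all four combinations, which is why the mismatch goes unnoticed until a secret contains `+`, `%`, a space or a colon.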
