[ https://issues.apache.org/jira/browse/KAFKA-16345?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nelson B. updated KAFKA-16345:
------------------------------
    Description:
When a client communicates with an OIDC provider to retrieve an access token, RFC-6749 says that clientID and clientSecret must be urlencoded in the authorization header (see https://tools.ietf.org/html/rfc6749#section-2.3.1). However, it seems that in practice some OIDC providers do not enforce this, so I was thinking about introducing a new configuration parameter that will optionally urlencode clientId & clientSecret in the authorization header.

Link to the KIP https://cwiki.apache.org/confluence/display/KAFKA/KIP-1025%3A+Optionally+URL-encode+clientID+and+clientSecret+in+authorization+header

  was:
When a client communicates with an OIDC provider to retrieve an access token, RFC-6749 says that clientID and clientSecret must be urlencoded in the authorization header (see https://tools.ietf.org/html/rfc6749#section-2.3.1). However, it seems that in practice some OIDC providers do not enforce this, so I was thinking about introducing a new configuration parameter that will optionally urlencode clientId & clientSecret in the authorization header.

> Optionally allow urlencoding clientId and clientSecret in authorization header
> ------------------------------------------------------------------------------
>
>                 Key: KAFKA-16345
>                 URL: https://issues.apache.org/jira/browse/KAFKA-16345
>             Project: Kafka
>          Issue Type: Bug
>            Reporter: Nelson B.
>            Assignee: Nelson B.
>            Priority: Minor
>
> When a client communicates with an OIDC provider to retrieve an access token,
> RFC-6749 says that clientID and clientSecret must be urlencoded in the
> authorization header (see
> https://tools.ietf.org/html/rfc6749#section-2.3.1). However, it seems that
> in practice some OIDC providers do not enforce this, so I was thinking about
> introducing a new configuration parameter that will optionally urlencode
> clientId & clientSecret in the authorization header.
>
> Link to the KIP
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-1025%3A+Optionally+URL-encode+clientID+and+clientSecret+in+authorization+header

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
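
Added example, not part of the Jira message or of Kafka's code: a Python sketch of the RFC 6749 section 2.3.1 encoding the issue describes, showing which combinations of client-side encoding and provider-side decoding recover the credentials intact. The function names, the `urlencode`/`urldecode` flags and the sample credentials are constructed for illustration, and `quote_plus` is used here as the form-urlencoding step.

```python
import base64
from urllib.parse import quote_plus, unquote_plus


def basic_header(client_id: str, client_secret: str, urlencode: bool) -> str:
    """Build the Authorization header value for the token request.

    urlencode=True follows RFC 6749 section 2.3.1: each credential is
    form-urlencoded before being joined with ':' and base64-encoded.
    """
    if urlencode:
        client_id = quote_plus(client_id, encoding="utf-8")
        client_secret = quote_plus(client_secret, encoding="utf-8")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_header(value: str, urldecode: bool) -> tuple[str, str]:
    """Provider-side parsing: split on the first ':' and optionally decode."""
    scheme, _, b64 = value.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    cid, sep, secret = base64.b64decode(b64).decode("utf-8").partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    if urldecode:
        cid, secret = unquote_plus(cid), unquote_plus(secret)
    return cid, secret


def interop_matrix(client_id: str, client_secret: str) -> dict:
    """Map (client encodes, provider decodes) -> credentials recovered intact."""
    return {
        (enc, dec): parse_header(basic_header(client_id, client_secret, enc), dec)
        == (client_id, client_secret)
        for enc in (False, True)
        for dec in (False, True)
    }


# Constructed sample credentials, not real ones.
SAMPLE_ID = "kafka:client"
SAMPLE_SECRET = "p+ss%41 w/rd"

if __name__ == "__main__":
    for (enc, dec), ok in interop_matrix(SAMPLE_ID, SAMPLE_SECRET).items():
        print(f"client urlencode={enc!s:5} provider urldecode={dec!s:5} -> {'ok' if ok else 'MISMATCH'}")
```

With purely alphanumeric credentials all four combinations agree, which is why the mismatch only surfaces once an ID or secret contains characters such as `:`, `+`, `%` or a space.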