danielorf opened a new pull request #12186:
URL: https://github.com/apache/pulsar/pull/12186


   
   Fixes #12182
   
   ### Motivation
   Token request should use Basic auth instead of urlencoded credentials
   
   ### Modifications
   
   Replaced the URLEncoded OAuth2 creds with the `Authorization Basic ...` variant in accordance with [RFC 6749 section 2.3.1](https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1) recommendation.
   
   Note that this could affect users of OAuth2 where their token provider accepts URLEncoded credentials but not `Authorization Basic ...` header - which would be against the recommendation of [RFC 6749 section 2.3.1](https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1).
   
   ### Verifying this change
   
   - [ ] Make sure that the change passes the CI checks.
   - Updated TokenClientTest to reflect the cred request change
   
   
   ### Documentation
   
   Check the box below and label this PR (if you have committer privilege).
   
   Need to update docs? 
   
   - [ ] doc-required 
    
     
   - [X] no-need-doc 
     
     **Simply correcting the request type when requesting a token from OAuth2 provider**
     
   - [ ] doc 
     
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
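
The two ways of sending client credentials that the description above contrasts, as an added example that is not code from the pull request or from Pulsar. It assumes a `client_credentials` grant; the class name, method names and credential values are hypothetical. Following RFC 6749 section 2.3.1, the id and secret are form-encoded before being joined and Base64-encoded, which matters when the secret contains `:`, `+` or `%`.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

// Added illustration; names and credential values are hypothetical. Requires Java 10+.
public class ClientCredentialsRequest {

    // application/x-www-form-urlencoded encoding of a single value
    static String formEncode(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    // RFC 6749 section 2.3.1: form-encode id and secret separately,
    // join with ':', then Base64 the result for the Authorization header.
    static String basicAuthHeader(String clientId, String clientSecret) {
        String pair = formEncode(clientId) + ":" + formEncode(clientSecret);
        return "Basic " + Base64.getEncoder()
                .encodeToString(pair.getBytes(StandardCharsets.UTF_8));
    }

    // Build a form-encoded request body from ordered parameters
    static String formBody(Map<String, String> params) {
        return params.entrySet().stream()
                .map(e -> formEncode(e.getKey()) + "=" + formEncode(e.getValue()))
                .collect(Collectors.joining("&"));
    }

    public static void main(String[] args) {
        String clientId = "example-client";        // constructed sample value
        String clientSecret = "s3cr:et+/ value%";  // constructed; contains ':' '+' ' ' '%'

        // Before: credentials travel as parameters in the request body
        Map<String, String> before = new LinkedHashMap<>();
        before.put("grant_type", "client_credentials");
        before.put("client_id", clientId);
        before.put("client_secret", clientSecret);
        System.out.println("Body with credentials: " + formBody(before));

        // After: credentials travel in the Authorization header, body carries only the grant
        Map<String, String> after = new LinkedHashMap<>();
        after.put("grant_type", "client_credentials");
        System.out.println("Authorization: " + basicAuthHeader(clientId, clientSecret));
        System.out.println("Body: " + formBody(after));
    }
}
```

Without the form-encoding step, a `:` inside the secret would make the decoded `id:secret` pair ambiguous to the token endpoint.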

