Nelson B. created KAFKA-16345:
---------------------------------

Summary: Optionally allow urlencoding clientId and clientSecret in authorization header
Key: KAFKA-16345
URL: https://issues.apache.org/jira/browse/KAFKA-16345
Project: Kafka
Issue Type: Bug
Reporter: Nelson B.

When a client communicates with an OIDC provider to retrieve an access token, RFC-6749 says that clientID and clientSecret must be urlencoded in the authorization header (see https://tools.ietf.org/html/rfc6749#section-2.3.1). However, it seems that in practice some OIDC providers do not enforce this, so I was thinking about introducing a new configuration parameter that will optionally urlencode clientId & clientSecret in the authorization header.
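
An added example, not Kafka's code and not part of the original issue: how the HTTP Basic header for the token request differs when clientId and clientSecret are form-urlencoded per RFC 6749 section 2.3.1 before Base64 encoding. The class name, the `authorizationHeader` helper, its `urlencode` flag and the sample credentials are hypothetical and constructed for illustration; it assumes Java 10 or later.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthHeaderExample {

    // Hypothetical helper (not a Kafka API): builds the Authorization header value.
    // urlencode=true applies application/x-www-form-urlencoded to each value first,
    // as RFC 6749 section 2.3.1 describes; urlencode=false sends the raw values.
    static String authorizationHeader(String clientId, String clientSecret, boolean urlencode) {
        if (urlencode) {
            clientId = URLEncoder.encode(clientId, StandardCharsets.UTF_8);
            clientSecret = URLEncoder.encode(clientSecret, StandardCharsets.UTF_8);
        }
        // Basic scheme: base64(user-id ":" password)
        String credentials = clientId + ":" + clientSecret;
        return "Basic " + Base64.getEncoder()
                .encodeToString(credentials.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample credentials, not real values.
        String[][] samples = {
            {"kafka-client", "s3cretValue"},   // only unreserved characters
            {"kafka-client", "p@ss+w/rd%3D"},  // characters that form-urlencoding rewrites
            {"tenant:kafka", "secret"},        // colon inside the client id
        };
        for (String[] s : samples) {
            String raw = authorizationHeader(s[0], s[1], false);
            String encoded = authorizationHeader(s[0], s[1], true);
            // The two headers match only when neither value contains a character
            // that form-urlencoding changes. Otherwise the provider must decode
            // the same way the client encoded, or authentication fails.
            System.out.printf("clientId=%s%n  raw:     %s%n  encoded: %s%n  identical: %b%n",
                    s[0], raw, encoded, raw.equals(encoded));
        }
    }
}
```

In the third sample the unencoded form is ambiguous, because the Basic scheme splits the decoded credentials on the first colon, while the encoded form carries the colon as `%3A`.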