Larry McCay created KNOX-3016:
---------------------------------
Summary: Add Support for Client Credentials Flow with KnoxTokens
Key: KNOX-3016
URL: https://issues.apache.org/jira/browse/KNOX-3016
Project: Apache Knox
Issue Type: Bug
Components: JWT
Reporter: Larry McCay
Assignee: Larry McCay
Fix For: 2.1.0
Adding support for integrations to Knox proxied services and APIs via OAuth
style cllient credentials flow. This allows an integration that is provided a
CLIENT_ID and CLIENT_SECRET to authenticate to Knox and directly access proxied
services with those or exchange those credentials for short lived JWT based
access, id and refresh tokens.
This change introduces only the acceptance of the Knox TokenID and Passcode
tokens as CLIENT_ID and CLIENT_SECRET in a standard OAuth 2.0 client
credentials flow request body. This body will contain the following params:
1. grant_type and it will be "client_credentials"
2. client_id which will be the KnoxToken tokenId or KnoxID
3. client_secret which will be the passcode token for which we store the hash
Authentication using this flow will result in the effective user being what is
provided as the CLIENT_ID.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
