[jira] [Work logged] (KNOX-3112) Add a specialized use API for CLIENT_ID and SECRET based on KNOXTOKEN API

Sat, 05 Apr 2025 10:22:04 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-3112?focusedWorklogId=964131&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-964131
 ]

ASF GitHub Bot logged work on KNOX-3112:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 31/Mar/25 20:54
            Start Date: 31/Mar/25 20:54
    Worklog Time Spent: 10m 
      Work Description: lmccay commented on code in PR #1011:
URL: https://github.com/apache/knox/pull/1011#discussion_r2021752408


##########
gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/ClientCredentialsResource.java:
##########
@@ -75,7 +75,7 @@ public Response getAuthenticationToken() {
 
         TokenResponseContext resp = getTokenResponse(context);
         if (resp.responseMap != null) {
-            String passcode = resp.responseMap.passcode;
+            String passcode = (String) resp.responseMap.map.get(PASSCODE);

Review Comment:
   I appears to be related to the fact that when there is no token state server 
configured that the passcode field isn't generated since it can't be persisted 
and it requires server side state. Why the actual passcode UUID is generated 
and returned in the out response is still not clear.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 964131)
    Time Spent: 1h  (was: 50m)

> Add a specialized use API for CLIENT_ID and SECRET based on KNOXTOKEN API
> -------------------------------------------------------------------------
>
>                 Key: KNOX-3112
>                 URL: https://issues.apache.org/jira/browse/KNOX-3112
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>            Priority: Major
>             Fix For: 2.2.0
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> Given the ability to support the OAuth client credentials flow with a 
> specialized use of the tokenid and passcode token from the KNOXTOKEN API, we 
> should add a corresponding API for acquiring the CLIENT_ID and CLIENT_SECRET 
> without requiring consumers to understand this specialized use. We will 
> codify the conventions being used for that into the new API extension of 
> KNOXTOKEN which will make CLIENTID's first class concepts rather than an 
> interpretation of KNOXTOKEN API responses.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to