[jira] [Work logged] (KNOX-3112) Add a specialized use API for CLIENT_ID and SECRET based on KNOXTOKEN API

Sat, 05 Apr 2025 11:12:43 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-3112?focusedWorklogId=964127&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-964127
 ]

ASF GitHub Bot logged work on KNOX-3112:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 31/Mar/25 20:47
            Start Date: 31/Mar/25 20:47
    Worklog Time Spent: 10m 
      Work Description: lmccay commented on code in PR #1011:
URL: https://github.com/apache/knox/pull/1011#discussion_r2021744683


##########
gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/ClientCredentialsResource.java:
##########
@@ -75,7 +75,7 @@ public Response getAuthenticationToken() {
 
         TokenResponseContext resp = getTokenResponse(context);
         if (resp.responseMap != null) {
-            String passcode = resp.responseMap.passcode;
+            String passcode = (String) resp.responseMap.map.get(PASSCODE);

Review Comment:
   Yeah, this was the source of the initial bug in the implementation. For some 
reason the tokenid and the passcode are surfaced at the top level but the 
passcode there is just the passcode portion of what ends up being the 
client_secret which contains both. I didn't really dig into why there are two 
levels but the one inside the map is put together and base64 encoded properly 
for use where the other is just the UUID format which can't be used directly.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 964127)
    Time Spent: 50m  (was: 40m)

> Add a specialized use API for CLIENT_ID and SECRET based on KNOXTOKEN API
> -------------------------------------------------------------------------
>
>                 Key: KNOX-3112
>                 URL: https://issues.apache.org/jira/browse/KNOX-3112
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>            Priority: Major
>             Fix For: 2.2.0
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> Given the ability to support the OAuth client credentials flow with a 
> specialized use of the tokenid and passcode token from the KNOXTOKEN API, we 
> should add a corresponding API for acquiring the CLIENT_ID and CLIENT_SECRET 
> without requiring consumers to understand this specialized use. We will 
> codify the conventions being used for that into the new API extension of 
> KNOXTOKEN which will make CLIENTID's first class concepts rather than an 
> interpretation of KNOXTOKEN API responses.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to