[jira] [Work logged] (KNOX-3179) Client credential flow reads null parameters from request

Mon, 11 Aug 2025 05:21:06 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-3179?focusedWorklogId=978341&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-978341
 ]

ASF GitHub Bot logged work on KNOX-3179:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 11/Aug/25 12:20
            Start Date: 11/Aug/25 12:20
    Worklog Time Spent: 10m 
      Work Description: hanicz opened a new pull request, #1074:
URL: https://github.com/apache/knox/pull/1074

   ## What changes were proposed in this pull request?
   
   New header to specify the client credentials flow and to avoid reading the 
request body multiple times.
   
   ## How was this patch tested?
   
   Unit tests, tested the client credentials flow locally
   
   ```
   curl -ivku admin:admin-password 
https://localhost:8443/gateway/test-client-id/clientid/api/v1/oauth/credentials
   
   curl -ivk -X POST \
     "https://localhost:8443/gateway/tokenbox/knoxtoken/api/v2/token"; \
     -H "Content-Type: application/x-www-form-urlencoded" -H 
"X-Client-Credentials-Flow: true" \
     -d 
"grant_type=client_credentials&client_id=197bac1e-7968-4a73-89e7-cb5f1ee8e590&client_secret=TVRrM1ltRmpNV1V0TnprMk9DMDBZVGN6TFRnNVpUY3RZMkkxWmpGbFpUaGxOVGt3OjpNelppTmpjNE1EWXRaREkzT0MwME1XVm1MV0prWm1VdE5XTTFZV1E0TTJObE5qSmw="
   ```




Issue Time Tracking
-------------------

            Worklog Id:     (was: 978341)
    Remaining Estimate: 0h
            Time Spent: 10m

> Client credential flow reads null parameters from request
> ---------------------------------------------------------
>
>                 Key: KNOX-3179
>                 URL: https://issues.apache.org/jira/browse/KNOX-3179
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 2.1.0
>            Reporter: Tamás Hanicz
>            Assignee: Tamás Hanicz
>            Priority: Critical
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> [KNOX-3175|https://issues.apache.org/jira/projects/KNOX/issues/KNOX-3175] 
> changed the way the client credential flow reads payload data from 
> x-www-form-urlencoded requests. However these request are already cast to 
> UrlEncodedFormRequest where the getParameter method is overridden and the 
> payload is ignored, parameters only read from the query params.
>  
> {code:java}
> @Override
> public String getParameter(String name) {
>   return queryParams.getValue(name, 0);
> } {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to