[
https://issues.apache.org/jira/browse/KNOX-3273?focusedWorklogId=1009174&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1009174
]
ASF GitHub Bot logged work on KNOX-3273:
----------------------------------------
Author: ASF GitHub Bot
Created on: 11/Mar/26 20:38
Start Date: 11/Mar/26 20:38
Worklog Time Spent: 10m
Work Description: lmccay merged PR #1171:
URL: https://github.com/apache/knox/pull/1171
Issue Time Tracking
-------------------
Worklog Id: (was: 1009174)
Time Spent: 0.5h (was: 20m)
> Short Lived Tokens for Client Credential Flows
> ----------------------------------------------
>
> Key: KNOX-3273
> URL: https://issues.apache.org/jira/browse/KNOX-3273
> Project: Apache Knox
> Issue Type: Improvement
> Components: JWT
> Reporter: Larry McCay
> Assignee: Larry McCay
> Priority: Major
> Fix For: 3.0.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> This change will extend the client credentials flow support to include the
> use of
> JWT tokens rather than long lived client_id and client_secret.
> This is preferred for scenarios where short lived JWTs are readily available
> to clients
> such as Service Accounts within k8s clusters and projected JWT credentials.
> Rather than using client_id and client_secret as bearer or HTTP basic
> credentials,
> we will use the client_assertion param based on the client_assertion_type of
> "urn:ietf:params:oauth:client-assertion-type:jwt-bearer".
> POST /token.oauth2 HTTP/1.1
> Content-Type: application/x-www-form-urlencoded
> grant_type=client_credentials&
> client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&
> client_assertion=eyJhbGciOiJSUzI1NiJ9... <- K8s SA JWT
> scope=openid profile email
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
