[
https://issues.apache.org/jira/browse/KNOX-3273?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18065191#comment-18065191
]
ASF subversion and git services commented on KNOX-3273:
-------------------------------------------------------
Commit 996bf140154fede5c80a6f257b4521cb181317b9 in knox's branch
refs/heads/master from Larry McCay
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=996bf1401 ]
KNOX-3273 - Short Lived Tokens as Client Credentials (#1171)
> Short Lived Tokens for Client Credential Flows
> ----------------------------------------------
>
> Key: KNOX-3273
> URL: https://issues.apache.org/jira/browse/KNOX-3273
> Project: Apache Knox
> Issue Type: Improvement
> Components: JWT
> Reporter: Larry McCay
> Assignee: Larry McCay
> Priority: Major
> Fix For: 3.0.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> This change will extend the client credentials flow support to include the
> use of
> JWT tokens rather than long lived client_id and client_secret.
> This is preferred for scenarios where short lived JWTs are readily available
> to clients
> such as Service Accounts within k8s clusters and projected JWT credentials.
> Rather than using client_id and client_secret as bearer or HTTP basic
> credentials,
> we will use the client_assertion param based on the client_assertion_type of
> "urn:ietf:params:oauth:client-assertion-type:jwt-bearer".
> POST /token.oauth2 HTTP/1.1
> Content-Type: application/x-www-form-urlencoded
> grant_type=client_credentials&
> client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&
> client_assertion=eyJhbGciOiJSUzI1NiJ9... <- K8s SA JWT
> scope=openid profile email
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
