[ https://issues.apache.org/jira/browse/CAMEL-21383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on CAMEL-21383 started by Christoph Deppisch.
--------------------------------------------------

> Add OIDC support for Knative Http client
> ----------------------------------------
>
> Key: CAMEL-21383
> URL: https://issues.apache.org/jira/browse/CAMEL-21383
> Project: Camel
> Issue Type: Improvement
> Components: camel-knative-http
> Reporter: Christoph Deppisch
> Assignee: Christoph Deppisch
> Priority: Major
> Fix For: 4.9.0
>
>
> The Knative eventing broker may use OIDC (OpenID Connect) as an authorization
> protocol. Clients need to use the respective tokens to authenticate via Https
> when connecting to the Knative broker in order to produce events.
>
> OpenID Connect (OIDC) is an identity authentication protocol that works with
> OAuth 2.0 to standardize the process for authenticating and authorizing users.
> Knative eventing supports OIDC access tokens that get injected as part of a
> SinkBinding resource. The injection is done in the form of a volume mount on
> the sink binding subject (usually the app deployment). This means the OIDC
> access token is mounted as a file into the application container so the Camel
> client may read the token and set proper Authorization Http headers on each
> request.
>
> The OIDC tokens may expire and get renewed by Knative eventing. The renewal
> means that the volume mount is updated with the new token automatically.
> In order to refresh the token the Camel Knative client must read the token
> again. The Knative client options support the token renewal on a `401
> forbidden` response from the Knative broker. Once the client has received the
> forbidden answer it automatically reloads the token from the volume mount to
> perform the renewal.
>
> As an alternative to that you may disable the token cache on the client so
> the token is always read from the volume mount for each request.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
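
The token handling described in the issue above, sketched as an added example; it is not code from camel-knative-http or from the issue's author. The class name `MountedOidcToken`, its `send` method and the `transport` function standing in for the HTTP call are hypothetical, and the token file and broker stub in `main` are constructed sample input.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.function.Function;
// Added illustration; class and method names are hypothetical, not camel-knative-http API.
public class MountedOidcToken {
    private final Path tokenFile;      // token file from the SinkBinding volume mount
    private final boolean cacheToken;  // false = read the file on every request
    private volatile String cached;

    public MountedOidcToken(Path tokenFile, boolean cacheToken) {
        this.tokenFile = tokenFile;
        this.cacheToken = cacheToken;
    }

    private String read() throws IOException {
        String token = Files.readString(tokenFile).trim();
        if (token.isEmpty()) throw new IOException("empty OIDC token file: " + tokenFile);
        return token;
    }
    private String current() throws IOException {
        if (!cacheToken) return read();
        String t = cached;
        if (t == null) cached = t = read();
        return t;
    }

    // 'transport' stands in for the HTTP call: Authorization header value in, status code out.
    public int send(Function<String, Integer> transport) throws IOException {
        int status = transport.apply("Bearer " + current());
        if (status == 401 && cacheToken) {
            cached = null;                                   // drop the rejected token
            status = transport.apply("Bearer " + current()); // retry once, never loop
        }
        return status;
    }

    public static void main(String[] args) throws IOException {
        Path file = Files.createTempFile("oidc", ".token"); // constructed stand-in for the mount
        Files.writeString(file, "token-v1\n");
        MountedOidcToken client = new MountedOidcToken(file, true);
        // Constructed broker stub: accepts only the renewed token.
        Function<String, Integer> broker = h -> h.equals("Bearer token-v2") ? 202 : 401;
        System.out.println(client.send(broker)); // file unchanged: reload cannot help
        Files.writeString(file, "token-v2\n");   // simulates Knative renewing the token
        System.out.println(client.send(broker)); // reload picks up the renewed token
        Files.delete(file);
    }
}
```

The single retry keeps a permanently rejected token from turning into a request loop, and the token value is never written to logs or exception messages.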