[jira] [Created] (NIFI-8407) Oidc Identity Provider should support assertions as client credentials for authenticating against the token endpoint

Vijay Jammi (Jira) Fri, 09 Apr 2021 00:26:06 -0700

Vijay Jammi created NIFI-8407:
---------------------------------

             Summary: Oidc Identity Provider should support assertions as 
client credentials for authenticating against the token endpoint
                 Key: NIFI-8407
                 URL: https://issues.apache.org/jira/browse/NIFI-8407
             Project: Apache NiFi
          Issue Type: Improvement
          Components: Core Framework, Security
    Affects Versions: 1.11.4
            Reporter: Vijay Jammi



The current oidc client authentication methods (client_secret_post, 
client_secret_basic) require client credentials (client_secret) to be stored as 
plain text on the client's filesystem, which could also be inadvertently 
checked into source control system.

Due to these and other security considerations, we should be able to use 
assertions as client credentials for authenticating against the token endpoint.

 

 

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (NIFI-8407) Oidc Identity Provider should support assertions as client credentials for authenticating against the token endpoint

Reply via email to