[ 
https://issues.apache.org/jira/browse/NIFI-11014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17653164#comment-17653164
 ] 

David Handermann commented on NIFI-11014:
-----------------------------------------

Unfortunately the current OpenID Connect implementation has limitations when it 
comes to programmatic access, as you have observed. One alternative is to 
provision trusted X.509 certificates that programmatic clients can use for 
interacting with the NiFi REST API.

I am evaluating improvements to the OIDC implementation, which could make it 
easier to implement additional authentication strategies based on OAuth2 Access 
Tokens.

> JWT token is rejected by NiFi when calling APIs
> -----------------------------------------------
>
>                 Key: NIFI-11014
>                 URL: https://issues.apache.org/jira/browse/NIFI-11014
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: NiFi Stateless
>    Affects Versions: 1.15.3
>         Environment: NiFi with Keycloak as OIDC provider.
>            Reporter: Irudya Raj
>            Priority: Major
>
> I have created an OAuth token using Spring Boot and transferred this token to 
> authorization header bearer. NiFi is configured with PS512 JWS algorithm via 
> nifi.security.user.oidc.preferred.jwsalgorithm property. But the API request 
> fails with message "nifi unable to validate the id token: signed jwt 
> rejected: another algorithm expected, or no matching key(s) found".
> I am able to use NiFi web. Keycloak is configured to use PS512 algo for ID 
> token and access tokens.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
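
A diagnostic for the two conditions named in the error quoted in the issue ("another algorithm expected, or no matching key(s) found"), added here as an example; it is not NiFi or Keycloak code and is not part of the original message. It reads the unverified JWT header and compares `alg` and `kid` with a verifier pinned to one algorithm and one JWKS; the function names, key ids and sample tokens are constructed for illustration.

```python
import base64
import json

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_token(header):
    # Constructed sample only: empty claims and a placeholder signature.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({})}.c2ln"

def diagnose(token, expected_alg, jwks):
    """List why a verifier pinned to expected_alg and jwks would reject the token.
    Reads the unverified header only; it does not check the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS: expected three dot-separated segments"]
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError:
        return ["header is not base64url-encoded JSON"]
    if not isinstance(header, dict):
        return ["header is not a JSON object"]
    reasons = []
    alg, kid = header.get("alg"), header.get("kid")
    if alg != expected_alg:
        reasons.append(f"algorithm: token has {alg!r}, verifier expects {expected_alg!r}")
    # With no kid in the header, every published key is a candidate.
    candidates = [k for k in jwks.get("keys", []) if kid is None or k.get("kid") == kid]
    if not candidates:
        reasons.append(f"key: no JWKS entry with kid {kid!r}")
    elif not any(k.get("alg") in (None, expected_alg) for k in candidates):
        reasons.append(f"key: kid {kid!r} is not published for {expected_alg!r}")
    return reasons

# Constructed key set and tokens (not taken from the issue).
JWKS = {"keys": [{"kty": "RSA", "kid": "idp-key-1", "alg": "PS512", "use": "sig"}]}
FROM_IDP = make_token({"alg": "PS512", "kid": "idp-key-1"})
MISMATCHED = make_token({"alg": "HS256", "kid": "app-key"})

if __name__ == "__main__":
    for name, tok in (("FROM_IDP", FROM_IDP), ("MISMATCHED", MISMATCHED)):
        print(name, diagnose(tok, "PS512", JWKS) or "header matches verifier settings")
```

An empty result only means the header is consistent with the verifier's settings; the signature and claims still have to validate.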
