[jira] [Created] (NIFI-5302) Support for OIDC access token based auth for API
Federico Michele Facca created NIFI-5302: Summary: Support for OIDC access token based auth for API Key: NIFI-5302 URL: https://issues.apache.org/jira/browse/NIFI-5302 Project: Apache NiFi Issue Type: New Feature Reporter: Federico Michele Facca Currently OIDC is only supported via implicit grant flow. This is perfectly fine for the UI, but it makes impossible to programmatically interact with the APIs using OIDC. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (NIFI-4890) OIDC Token Refresh is not done correctly
Federico Michele Facca created NIFI-4890: Summary: OIDC Token Refresh is not done correctly Key: NIFI-4890 URL: https://issues.apache.org/jira/browse/NIFI-4890 Project: Apache NiFi Issue Type: Bug Components: Core UI Affects Versions: 1.5.0 Environment: Environment: Browser: Chrome / Firefox Configuration of NiFi: - SSL certificate for the server (no client auth) - OIDC configuration including end_session_endpoint (see the link https://auth.s.orchestracities.com/auth/realms/default/.well-known/openid-configuration) Reporter: Federico Michele Facca It looks like the NIFI UI is not refreshing the OIDC token in background, and because of that, when the token expires, tells you that your session is expired. and you need to refresh the page, to get a new token. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (NIFI-4889) Logout not working properly with OIDC
Federico Michele Facca created NIFI-4889: Summary: Logout not working properly with OIDC Key: NIFI-4889 URL: https://issues.apache.org/jira/browse/NIFI-4889 Project: Apache NiFi Issue Type: Bug Components: Core UI Affects Versions: 1.5.0 Environment: Browser: Chrome / Firefox Configuration of NiFi: - SSL certificate for the server (no client auth) - OIDC configuration including end_session_endpoint (see the link https://auth.s.orchestracities.com/auth/realms/default/.well-known/openid-configuration) Reporter: Federico Michele Facca Click on logout, i would expect to logout and getting redirect to the auth page. But given that the session is not closed on the oauth provider, i get logged in again. I suppose the solution would be to invoke the end_session_endpoint provided in the openid discovery configuration. -- This message was sent by Atlassian JIRA (v7.6.3#76005)