[KAFKA-16345] Optionally allow urlencoding clientId and clientSecret in authorization header - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.9.0
Component/s: None
Labels:
- kip

Description

When a client communicates with OIDC provider to retrieve an access token RFC-6749 says that clientID and clientSecret must be urlencoded in the authorization header. (see https://tools.ietf.org/html/rfc6749#section-2.3.1) However, it seems that in practice some OIDC providers do not enforce this, so I was thinking about introducing a new configuration parameter that will optionally urlencode clientId & clientSecret in the authorization header.

Link to the KIP https://cwiki.apache.org/confluence/display/KAFKA/KIP-1025%3A+Optionally+URL-encode+clientID+and+clientSecret+in+authorization+header

Attachments

Issue Links

links to

GitHub Pull Request #15475

mentioned in: Page Loading...

Activity

People

Assignee:: Nelson B.

Reporter:: Nelson B.

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 05/Mar/24 11:18

Updated:: 09/Jul/24 16:54

Resolved:: 09/Jul/24 16:54