feat: Added audience param to oauth request body (optional) #157
Conversation
|
Unsure if this requires anything additional to be added, but I have done some testing locally and this seems to work as expected and simply adds |
There was a problem hiding this comment.
@davidvanwyk thanks for this PR.
Do we know of any other provider implementing this field apart from Auth0? Looking for some reference, as seems to not be backed by a standard (some refer to this draft RFC: https://datatracker.ietf.org/doc/html/draft-tschofenig-oauth-audience-00 here https://stackoverflow.com/questions/45876960/how-to-specify-audience-for-an-oauth2-access-token)
Though, Auth0 may be enough providers to adopt this :)
About changes proposed, seems sensible to follow the same approach as scope which is also optional. If we agree that this field is a common one, I'd be happy with this implementation. Left some minor comments.
| @@ -1 +1 @@ | |||
| version=0.7.0-SNAPSHOT | |||
| version=0.7.1-SNAPSHOT | |||
There was a problem hiding this comment.
maybe not related to this change?
| @@ -47,6 +47,10 @@ public HttpRequest.Builder build(final HttpSinkConfig config) { | |||
| if (config.oauth2ClientScope() != null) { | |||
| accessTokenRequestBodyBuilder.add(encodeNameAndValue("scope", config.oauth2ClientScope())); | |||
| } | |||
| if (config.oauth2ClientAudience() != null) { | |||
There was a problem hiding this comment.
Could we add tests covering this new field?
Often OAuth IDPs require an audience parameter to exist in the body of the client credentials flow (eg. Auth0). This makes this possible.