Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KNOX-3016 - add support for client credentials flow #876

Merged
merged 4 commits into from
Mar 12, 2024
Merged

KNOX-3016 - add support for client credentials flow #876

merged 4 commits into from
Mar 12, 2024

Conversation

lmccay
Copy link
Contributor

@lmccay lmccay commented Mar 8, 2024
edited
Loading

What changes were proposed in this pull request?

Adding support for integrations to Knox proxied services and APIs via OAuth style cllient credentials flow. This allows an integration that is provided a CLIENT_ID and CLIENT_SECRET to authenticate to Knox and directly access proxied services with those or exchange those credentials for short lived JWT based access, id and refresh tokens.

This change introduces only the acceptance of the Knox TokenID and Passcode tokens as CLIENT_ID and CLIENT_SECRET in a standard OAuth 2.0 client credentials flow request body. This body will contain the following params:

  1. grant_type and it will be "client_credentials"
  2. client_id which will be the KnoxToken tokenId or KnoxID
  3. client_secret which will be the passcode token for which we store the hash

Authentication using this flow will result in the effective user being what is provided as the CLIENT_ID.

How was this patch tested?

Ran existing tests and added new unit tests

Please review Knox Contributing Process before opening a pull request.

@lmccay lmccay requested a review from smolnar82 March 11, 2024 23:16
smolnar82
smolnar82 approved these changes Mar 12, 2024
View reviewed changes
Copy link
Contributor

@smolnar82 smolnar82 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lmccay lmccay merged commit 8f38723 into apache:master Mar 12, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smolnar82 smolnar82 smolnar82 approved these changes

@zeroflag zeroflag Awaiting requested review from zeroflag

@pzampino pzampino Awaiting requested review from pzampino

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lmccay @smolnar82