You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2020/09/04 00:14:09 UTC

[GitHub] [pulsar] EronWright commented on issue #7952: OAuth2 url .well-known not parsed correctly

EronWright commented on issue #7952:
URL: https://github.com/apache/pulsar/issues/7952#issuecomment-686827234


   Regarding the openid configuration document location, @cuzyoucant is correct that the base path of the `issuerUrl` should be preserved, to better interoperate with Keycloak and others.  The following expression would work robustly:
   `URI.create(issuerUrl.toExternalForm() + "/.well-known/openid-configuration").normalize().toURL();`
   
   Regarding the CPP client issue, I believe the token endpoint should be obtained from the openid configuration document, specifically the `token_endpoint` value, as documented here:
   https://tools.ietf.org/html/rfc8414#section-2
   
   The overarching idea is, from the configured `issuerUrl` we get the openid configuration document, and from that we get the token endpoint.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org