Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2021/09/25 01:36:51 UTC

[GitHub] [pulsar] danielorf opened a new pull request #12186: (Fixes #12182) Replaced urlencoded OAuth2 creds with Basic header

danielorf opened a new pull request #12186:
URL: https://github.com/apache/pulsar/pull/12186


   
   Fixes #12182
   
   ### Motivation
   Token request should use Basic auth instead of urlencoded credentials
   
   ### Modifications
   
   Replaced the URLEncoded OAuth2 creds with the `Authorization Basic ...` variant in accordance with the [RFC 6749 section 2.3.1](https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1) recommendation.
   
   Note that this could affect users of OAuth2 where their token provider accepts URLEncoded credentials but not `Authorization Basic ...` header - which would be against the recommendation of [RFC 6749 section 2.3.1](https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1).
   
   ### Verifying this change
   
   - [ ] Make sure that the change passes the CI checks.
   - Updated TokenClientTest to reflect the cred request change
   
   
   ### Documentation
   
   Check the box below and label this PR (if you have committer privilege).
   
   Need to update docs? 
   
   - [ ] doc-required 
    
     
   - [X] no-need-doc 
     
     **Simply correcting the request type when requesting a token from OAuth2 provider**
     
   - [ ] doc 
     
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
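
The change described in the pull request above, as an added example (not code from the pull request or from Pulsar): the same client-credentials token request with the credentials in the form body, and then in the `Authorization: Basic` header. The class name, method names and sample credentials are constructed for illustration; each credential is form-encoded before the Basic value is built, as RFC 6749 section 2.3.1 specifies.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.TreeMap;
import java.util.stream.Collectors;

// Added illustration, not Pulsar code; names and sample values are hypothetical.
public class ClientAuthExample {

    // application/x-www-form-urlencoded encoding (RFC 6749 Appendix B).
    static String formEncode(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8); // Java 10+
    }

    static String formBody(Map<String, String> params) {
        return params.entrySet().stream()
                .map(e -> formEncode(e.getKey()) + "=" + formEncode(e.getValue()))
                .collect(Collectors.joining("&"));
    }

    // Before: client_id and client_secret travel in the request body.
    static String bodyWithCredentials(String clientId, String clientSecret) {
        Map<String, String> body = new TreeMap<>();
        body.put("grant_type", "client_credentials");
        body.put("client_id", clientId);
        body.put("client_secret", clientSecret);
        return formBody(body);
    }

    // After: only the grant type stays in the body.
    static String bodyWithoutCredentials() {
        return formBody(Map.of("grant_type", "client_credentials"));
    }

    // After: credentials move to the Authorization header. Each part is
    // form-encoded first, so a ':' inside the id is not read as the separator.
    static String basicAuthorizationValue(String clientId, String clientSecret) {
        String userPass = formEncode(clientId) + ":" + formEncode(clientSecret);
        return "Basic " + Base64.getEncoder()
                .encodeToString(userPass.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String id = "svc:orders";       // constructed sample values
        String secret = "p@ss word/1";
        System.out.println("before, body:   " + bodyWithCredentials(id, secret));
        System.out.println("after, body:    " + bodyWithoutCredentials());
        System.out.println("after, header:  " + basicAuthorizationValue(id, secret));
    }
}
```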



[GitHub] [pulsar] danielorf commented on pull request #12186: (Fixes #12182) Replaced urlencoded OAuth2 creds with Basic header

Posted by GitBox <gi...@apache.org>.
danielorf commented on pull request #12186:
URL: https://github.com/apache/pulsar/pull/12186#issuecomment-935167865


   /pulsarbot run-failure-checks





[GitHub] [pulsar] michaeljmarshall commented on pull request #12186: (Fixes #12182) Replaced urlencoded OAuth2 creds with Basic header

Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on pull request #12186:
URL: https://github.com/apache/pulsar/pull/12186#issuecomment-928390223


   /pulsarbot run-failure-checks





[GitHub] [pulsar] danielorf commented on pull request #12186: (Fixes #12182) Replaced urlencoded OAuth2 creds with Basic header

Posted by GitBox <gi...@apache.org>.
danielorf commented on pull request #12186:
URL: https://github.com/apache/pulsar/pull/12186#issuecomment-927339629


   Can someone with access to CI restart the pipeline?  It appears that one of the jobs was canceled (but the rest passed).





[GitHub] [pulsar] danielorf commented on pull request #12186: (Fixes #12182) Replaced urlencoded OAuth2 creds with Basic header

Posted by GitBox <gi...@apache.org>.
danielorf commented on pull request #12186:
URL: https://github.com/apache/pulsar/pull/12186#issuecomment-930349616


   Good to know, thanks.  Is this documented anywhere? 





[GitHub] [pulsar] github-actions[bot] commented on pull request #12186: (Fixes #12182) Replaced urlencoded OAuth2 creds with Basic header

Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on pull request #12186:
URL: https://github.com/apache/pulsar/pull/12186#issuecomment-1054902672


   The pr had no activity for 30 days, mark with Stale label.





[GitHub] [pulsar] lmccay commented on a change in pull request #12186: (Fixes #12182) Replaced urlencoded OAuth2 creds with Basic header

Posted by GitBox <gi...@apache.org>.
lmccay commented on a change in pull request #12186:
URL: https://github.com/apache/pulsar/pull/12186#discussion_r761493238



##########
File path: pulsar-client/src/main/java/org/apache/pulsar/client/impl/auth/oauth2/protocol/TokenClient.java
##########
@@ -96,10 +98,9 @@ String buildClientCredentialsBody(Map<String, String> bodyMap) {
      */
     public TokenResult exchangeClientCredentials(ClientCredentialsExchangeRequest req)
             throws TokenExchangeException, IOException {
+        String credPayload = req.getClientId() + ":" + req.getClientSecret();
         Map<String, String> bodyMap = new TreeMap<>();
         bodyMap.put("grant_type", "client_credentials");
-        bodyMap.put("client_id", req.getClientId());
-        bodyMap.put("client_secret", req.getClientSecret());
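
Review bot: The added `credPayload` line joins `req.getClientId()` and `req.getClientSecret()` with ":" without encoding either value first. RFC 6749 section 2.3.1 has the client identifier and the client password each encoded with application/x-www-form-urlencoded before they are used as the Basic username and password, so an id or secret containing ':', '%', a space or non-ASCII characters would reach a conforming token endpoint in a form it decodes differently. Suggest URL-encoding both parts as UTF-8 before the concatenation and adding a TokenClientTest case with such characters. The two removed `bodyMap.put` lines also drop the body credentials unconditionally; since the description notes that some providers may accept only that form, an opt-in setting that keeps the old behaviour would avoid breaking them.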

Review comment:
       Is there a backward compatibility issue here that could be avoided with client side config, sys property or something?







[GitHub] [pulsar] danielorf edited a comment on pull request #12186: (Fixes #12182) Replaced urlencoded OAuth2 creds with Basic header

Posted by GitBox <gi...@apache.org>.
danielorf edited a comment on pull request #12186:
URL: https://github.com/apache/pulsar/pull/12186#issuecomment-930349616


   Good to know, thanks.  Is this documented anywhere? 
   
   [Edit:  Found it [here](https://github.com/apache/pulsar-test-infra/blob/master/pulsarbot/README.md)]





[GitHub] [pulsar] danielorf commented on pull request #12186: (Fixes #12182) Replaced urlencoded OAuth2 creds with Basic header

Posted by GitBox <gi...@apache.org>.
danielorf commented on pull request #12186:
URL: https://github.com/apache/pulsar/pull/12186#issuecomment-935167655


   I see what looks like an unusual error in the `CI - Unit - Brokers - Broker Group 1` / `run unit test 'BROKER_GROUP_1'` stage:
   
   ```
   [INFO] Running org.apache.pulsar.utils.StatsOutputStreamTest
   [INFO] Tests run: 0, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.008 s - in org.apache.pulsar.utils.StatsOutputStreamTest
   Warning:  Tests run: 29, Failures: 0, Errors: 0, Skipped: 2, Time elapsed: 1,489.704 s - in org.apache.pulsar.broker.service.ReplicatorTest
   [INFO] Tests run: 70, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 482.895 s - in org.apache.pulsar.broker.admin.TopicPoliciesTest
   Error: The operation was canceled.
   ```
   
   I'm going to re-run again but may need some help debugging the test environment.





[GitHub] [pulsar] danielorf commented on pull request #12186: (Fixes #12182) Replaced urlencoded OAuth2 creds with Basic header

Posted by GitBox <gi...@apache.org>.
danielorf commented on pull request #12186:
URL: https://github.com/apache/pulsar/pull/12186#issuecomment-930349890


   /pulsarbot run-failure-checks





[GitHub] [pulsar] michaeljmarshall commented on pull request #12186: (Fixes #12182) Replaced urlencoded OAuth2 creds with Basic header

Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on pull request #12186:
URL: https://github.com/apache/pulsar/pull/12186#issuecomment-928391273


   > Can someone with access to CI restart the pipeline? It appears that one of the jobs was canceled (but the rest passed).
   
   For future reference, the bot responds to anyone posting that comment to a PR.

