Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add OIDC Client Credentials Grant as authenthification method #2280

Closed
1 task done
ste1nstone opened this issue Oct 30, 2022 · 4 comments
Closed
1 task done

Add OIDC Client Credentials Grant as authenthification method #2280

ste1nstone opened this issue Oct 30, 2022 · 4 comments
Labels
feature-request Request for new features to be added

Comments

@ste1nstone
Copy link

⚠️ Please verify that this feature request has NOT been suggested before.

  • I checked and didn't find similar feature request

🏷️ Feature Request Type

Other

🔖 Feature description

At the moment you can use basic auth and ntlm to authenticate against http endpoints.
To monitor the availability of APIs it would be helpful to have the additional alternative with the OIDC Client Credentials Grant

✔️ Solution

request a jwt token and add it as bearer header to oidc protected http endoints

Most of the providers (I checked KeyCloak, AWS Cognito and Azure AD) implement the client credential flow according to the standard https://www.rfc-editor.org/rfc/rfc6749#section-4.4
Auth0 as another big provider adds an additional field to the request with audience

So my suggestion would be that if you select OIDC Client Credentials Grant as auth method in the UI you receive the following input fields
Mandatory:

  • Token Endpoint
  • Client Id
  • Client Secret

Optional:

  • Scope
  • Audience

Then before the actual http call is triggered a jwt token is requested and added to the http header.
Because the response of the grant flow should also contains an expire time the token can be cached.

❓ Alternatives

I'm aware that the push monitor would be alternative possibility but would be nice to handle the checks with a build in functionality

📝 Additional Context

I would also be willing to provide a PR for the topic
@ste1nstone ste1nstone added the feature-request Request for new features to be added label Oct 30, 2022
@cwchristerw
Copy link

cwchristerw commented Jul 8, 2023
edited
Loading

Related to #21 #553

@cwchristerw cwchristerw mentioned this issue Jul 8, 2023
Open
@hegerdes
Copy link
Contributor

hegerdes commented Jul 8, 2023

I provided a PR which implements this: #3119. Feel free to provide feedback!

@CommanderStorm
Copy link
Collaborator

Related to #553

Not related: this issue talks about adding a monitor (see #3119)

@hegerdes hegerdes mentioned this issue Jul 8, 2023
Merged
7 tasks
@CommanderStorm
Copy link
Collaborator

@ste1nstone
#3119 was merged, but we accidentally left this issue open.
Could you please close this issue?

PS: @hegerdes The next time please add Fixes #issuenumber as a literal string (github only understand one issue per fixes) as requested in #3119 (comment)
The reason is that otherwise resolved issues are not getting closed ^^

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request Request for new features to be added
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@cwchristerw @CommanderStorm @hegerdes @ste1nstone