[ https://issues.apache.org/jira/browse/CAMEL-21383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christoph Deppisch updated CAMEL-21383:
---------------------------------------
    Description:
The Knative eventing broker may use OIDC (OpenID Connect) as an authorization protocol. Clients need to use the respective tokens to authenticate via Https when connecting to the Knative broker in order to produce events.

OpenID Connect (OIDC) is an identity authentication protocol that works with OAuth 2.0 to standardize the process for authenticating and authorizing users. Knative eventing supports OIDC access tokens that get injected as part of a SinkBinding resource. The injection is done in the form of a volume mount on the sink binding subject (usually the app deployment). This means the OIDC access token is mounted as a file into the application container so the Camel client may read the token and set proper Authorization Http headers on each request.

The OIDC tokens may expire and get renewed by Knative eventing. The renewal means that the volume mount is updated with the new token automatically. In order to refresh the token the Camel Knative client must read the token again. The Knative client options support the token renewal on a `401 forbidden` response from the Knative broker. Once the client has received the forbidden answer it automatically reloads the token from the volume mount to perform the renewal.

As an alternative to that you may disable the token cache on the client so the token is always read from the volume mount for each request.

  was:
The Knative eventing broker may use OIDC (OpenID Connect) as an authorization protocol. Clients need to use the respective tokens to authenticate via Https when connecting to the Knative broker in order to produce events.
> Add OIDC support for Knative Http client
> ----------------------------------------
>
>                 Key: CAMEL-21383
>                 URL: https://issues.apache.org/jira/browse/CAMEL-21383
>             Project: Camel
>          Issue Type: Improvement
>          Components: camel-knative-http
>            Reporter: Christoph Deppisch
>            Priority: Major
>             Fix For: 4.9.0
>
>
> The Knative eventing broker may use OIDC (OpenID Connect) as an authorization
> protocol. Clients need to use the respective tokens to authenticate via Https
> when connecting to the Knative broker in order to produce events.
>
> OpenID Connect (OIDC) is an identity authentication protocol that works with
> OAuth 2.0 to standardize the process for authenticating and authorizing users.
> Knative eventing supports OIDC access tokens that get injected as part of a
> SinkBinding resource. The injection is done in the form of a volume mount on
> the sink binding subject (usually the app deployment). This means the OIDC
> access token is mounted as a file into the application container so the Camel
> client may read the token and set proper Authorization Http headers on each
> request.
>
> The OIDC tokens may expire and get renewed by Knative eventing. The renewal
> means that the volume mount is updated with the new token automatically.
> In order to refresh the token the Camel Knative client must read the token
> again. The Knative client options support the token renewal on a
> `401 forbidden` response from the Knative broker. Once the client has received
> the forbidden answer it automatically reloads the token from the volume mount
> to perform the renewal.
>
> As an alternative to that you may disable the token cache on the client so
> the token is always read from the volume mount for each request.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
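
The reload-on-401 behaviour and the no-cache alternative described in the issue, as an added example; it is not code from camel-knative-http. The class name, the `cacheToken` flag, the stand-in broker and the sample token values are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.function.Function;

// Hypothetical helper (not a camel-knative-http class): reads a mounted OIDC token file.
public class MountedTokenClient {
    private final Path tokenFile;
    private final boolean cacheToken;   // assumed option name; false = read the file on every request
    private String cached;

    MountedTokenClient(Path tokenFile, boolean cacheToken) {
        this.tokenFile = tokenFile;
        this.cacheToken = cacheToken;
    }

    // Returns the token, re-reading the mount when caching is off, on first use, or on demand.
    synchronized String token(boolean forceReload) throws IOException {
        if (!cacheToken || forceReload || cached == null) {
            String t = Files.readString(tokenFile).trim();
            if (t.isEmpty()) throw new IOException("empty token file"); // never send "Bearer "
            cached = t;
        }
        return cached;
    }

    // Sends with the current token; on a 401 reloads from the mount and retries exactly once,
    // so a genuinely rejected token cannot cause a retry loop.
    int send(Function<String, Integer> broker) throws IOException {
        int status = broker.apply("Bearer " + token(false));
        if (status == 401 && cacheToken) {
            status = broker.apply("Bearer " + token(true));
        }
        return status;
    }

    public static void main(String[] args) throws IOException {
        Path mount = Files.createTempFile("oidc-token", "");   // stands in for the volume mount
        Files.writeString(mount, "token-v1\n");                // constructed sample token
        String[] valid = {"token-v1"};
        // Constructed stand-in for the broker: accepts only the currently valid token.
        Function<String, Integer> broker = h -> h.equals("Bearer " + valid[0]) ? 202 : 401;

        MountedTokenClient cachedClient = new MountedTokenClient(mount, true);
        System.out.println("initial send: " + cachedClient.send(broker));
        Files.writeString(mount, "token-v2\n");                // renewal updates the mounted file
        valid[0] = "token-v2";
        System.out.println("after renewal (cache on): " + cachedClient.send(broker));
        System.out.println("cache off: " + new MountedTokenClient(mount, false).send(broker));
        Files.delete(mount);
    }
}
```

With the cache on, the second send costs one rejected request before the reload; with the cache off there is no rejected request, but every send reads the file.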