[Feature Request] OAuth support for Basic authentication to authorization server's tokenUrl #1294

Closed
hkelley opened this issue Apr 26, 2020 · 3 comments
hkelley commented Apr 26, 2020

Current version of OAuth2Srv.scala assumes the authorization servers support the RFC 6750 Bearer token.

Some authorization servers (Okta) only support Basic auth.
https://developer.okta.com/docs/reference/api/oidc/#token

Possible Solution

Add a configuration option to allow the selection of an authentication scheme, Bearer or Basic.
Modify OAuth2Srv.scala at around line 96 to build an appropriate Authorization header based on the configuration option.

@hkelley hkelley added the bug label Apr 26, 2020
@hkelley hkelley changed the title [Feature Request] OAuth support for Basic authentication [Feature Request] OAuth support for Basic authentication to authorization server Apr 26, 2020
@hkelley hkelley changed the title [Feature Request] OAuth support for Basic authentication to authorization server [Feature Request] OAuth support for Basic authentication to authorization server's tokenUrl Apr 27, 2020
Contributor

To-om commented Jun 1, 2020

The basic authentication header format is Authorization: Basic base64(user:password). I don't have user and password, so what should I put in that header? The token?

@To-om To-om added this to the 3.5.0-RC1 milestone Jun 1, 2020
Author

hkelley commented Jun 1, 2020

I think I was mistaken when I opened this. The bearer token mechanism in TheHive is working with Okta (bearer/access token from Authentication servers is delivered in an HTTP Authorization header to /token endpoint).

@hkelley hkelley closed this as completed Jun 1, 2020
Contributor

To-om commented Jun 1, 2020

Ok.
TheHive4 works with Okta and I'll use OAuth2 module from TheHive4 in TheHive3.
