This repository has been archived by the owner on Jan 24, 2024. It is now read-only.
On the page https://github.com/streamnative/kop/blob/master/docs/security.md#oauthbearer, it shows an example client configuration of `scope` equaling `api://pulsar-cluster-1/.default` and `audience` equaling `https://broker.example.com`.
However, RFC-6749 section 3.3 indicates that the Access Token Scope parameter ("scope") is to inform the authorization server of the authorization scope requested by the client. (A given access token can carry multiple scopes, as explained here: https://community.auth0.com/t/understanding-how-the-audience-concept-actually-works/34011/3 )
The syntax in the KoP doc for the scope example, `api://pulsar-cluster-1/.default`, appears more like what I'd expect the `audience` parameter value to look like since `audience` is a resource identifier that is unique to the token. In the example in the KoP doc, `https://broker.example.com` is not something that would be unique to a token.
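For reference, a sketch of how a resource server evaluates the two values separately once a token's signature has been verified. This is an added example, not part of the original issue or of KoP's code. It assumes the token carries its scopes in a space-delimited `scope` claim (providers may use a different claim name), and the `produce` and `consume` scope names are hypothetical.

```python
"""Resource-server checks for `aud` and `scope` on already-verified token claims."""


def audiences(claims):
    """RFC 7519 section 4.1.3: `aud` is a single string or an array of strings."""
    aud = claims.get("aud", [])
    return {aud} if isinstance(aud, str) else set(aud)


def scopes(claims):
    """RFC 6749 section 3.3: scope is a space-delimited list of case-sensitive strings."""
    value = claims.get("scope", "")
    return set(value.split()) if isinstance(value, str) else set()


def authorize(claims, expected_audience, required_scopes):
    """Return (ok, reason).

    The audience check answers "was this token issued for this server?".
    The scope check answers "what may the bearer do here?". Both must pass.
    """
    if expected_audience not in audiences(claims):
        return False, "audience mismatch"
    missing = set(required_scopes) - scopes(claims)
    if missing:
        return False, "missing scope: " + " ".join(sorted(missing))
    return True, "ok"


# Constructed claim sets; the first reuses the strings from the KoP doc example.
BROKER = "https://broker.example.com"
TOKEN_OK = {"aud": BROKER, "scope": "api://pulsar-cluster-1/.default"}
TOKEN_MULTI = {"aud": [BROKER, "https://other.example.com"], "scope": "produce consume"}
TOKEN_WRONG_AUD = {"aud": "https://other.example.com", "scope": "produce consume"}
TOKEN_NO_SCOPE = {"aud": BROKER}

if __name__ == "__main__":
    cases = [
        ("ok", TOKEN_OK, ["api://pulsar-cluster-1/.default"]),
        ("multi", TOKEN_MULTI, ["produce"]),
        ("wrong-aud", TOKEN_WRONG_AUD, ["produce"]),
        ("no-scope", TOKEN_NO_SCOPE, ["produce", "consume"]),
    ]
    for name, token, needed in cases:
        print(name, authorize(token, BROKER, needed))
```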