Make 'scopes' optional in oauth2clientcredentials middleware
In what area(s)?
/area runtime
/area operator
/area placement
/area docs
/area test-and-release
Describe the feature
Not all OAuth2 token issuers require scopes during the client_credential token exchange. For example, Auth0 does not accept 'scopes'.
Therefore, I believe 'scopes' should be optional in the oauth2clientcredentials middleware component. It's currently required to have a value.
Release Note
oauth2clientcredentials now supports optional scopes, making it compatible with token issuers like Auth0.
RELEASE NOTE:
Are you able to configure Auth0 using an empty value for the scopes today?
Yes. I’ve been using it for years without specifying a scope. By that I mean I don’t even pass the key “scopes” in the request. Totally absent.
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged (pinned, good first issue, help wanted or triaged/resolved) or other activity occurs. Thank you for your contributions.
This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as pinned, good first issue, help wanted or triaged/resolved. Thank you for your contributions.
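The behaviour requested in this issue, sketched as an added example that is not part of the thread or the project's own code: a client_credentials token request body in which the `scope` parameter is omitted when no scopes are configured. The function names, the comma-separated format of the scopes setting, and the sample client values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// normalizeScopes splits a comma-separated scopes setting (format assumed for
// this example) and drops blank entries, so "" and " , " both mean "none".
func normalizeScopes(raw string) []string {
	var out []string
	for _, s := range strings.Split(raw, ",") {
		if s = strings.TrimSpace(s); s != "" {
			out = append(out, s)
		}
	}
	return out
}

// tokenRequestForm builds the body of a client_credentials token request.
// RFC 6749 section 4.4.2 marks "scope" as OPTIONAL, so the parameter is left
// out entirely when no scopes are configured instead of being sent as "scope=".
func tokenRequestForm(clientID, clientSecret, rawScopes string) (url.Values, error) {
	if clientID == "" || clientSecret == "" {
		return nil, fmt.Errorf("client id and client secret are required")
	}
	form := url.Values{}
	form.Set("grant_type", "client_credentials")
	form.Set("client_id", clientID)
	form.Set("client_secret", clientSecret)
	if scopes := normalizeScopes(rawScopes); len(scopes) > 0 {
		form.Set("scope", strings.Join(scopes, " ")) // space-delimited per RFC 6749
	}
	return form, nil
}

func main() {
	// Constructed sample values, not real credentials.
	for _, raw := range []string{"", " , ", "read:orders, write:orders"} {
		form, err := tokenRequestForm("example-client", "example-secret", raw)
		if err != nil {
			panic(err)
		}
		fmt.Printf("scopes=%q -> %s\n", raw, form.Encode())
	}
}
```

When the parameter is omitted, the issuer decides which scopes the token carries, so the granted scope should be checked on the token response rather than assumed.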