Closed dweber019 closed 11 months ago
Hey @dweber019,
This is indeed a bug, I was looking at the code and the client was being closed by mistake. However, I would like to know more about why you want to use the password grant since there are way more secure ways of interacting with the server (either going through the UI or using the application directly). I know that there are tools that do not support anything else but basic authentication, but that's essentially the reason why we built the basic client-credentials-based feature. Is there any particular reason for using this flow in particular?
Thanks!
This is basically the reason for your problem -> https://github.com/Apicurio/apicurio-common-app-components/pull/121
Hey @carlesarnal, we are aware of the issues with the password grant 😉 Sadly, our current setup only supports technical users with the password grant, as these technical users aren't represented as OAuth clients, and therefore we can't use the client credentials flow as of now, but we are working on it.
Similar to Flyway, we have the Avro schemas in our source repos and these Avros are managed with the Maven plugin. We don't allow anonymous access to the registry and therefore we need to use the basic auth feature with password grant.
Sorry for the delay. OK, that makes sense then. This will be included in an upcoming 2.5.0.Final release.
Description
Registry Version: 2.4.4
Persistence type: kafkasql
Environment
We are using AMQ Streams 2.3 (latest patch), RHSSO 7.6 (latest patch) on OpenShift. Our ApicurioRegistry CRD is configured like this:
We have CLIENT_CREDENTIALS_BASIC_AUTH_ENABLED=false as we want to use the direct access grant and not the client credentials flow.
All functionality besides the basic auth is working fine.
Steps to Reproduce
Do the following call with basic auth information to an existing artifact:
The first call will be fine and return the expected result. If I repeat the call a second time, I get the following log entry.
I guess there is a vertx error, maybe closing / concurrency issue beginning from io.apicurio.rest.client.auth.OidcAuth.obtainAccessTokenPasswordGrant
Logs