StandardOauth2AccessTokenProvider¶

Description¶

Provides OAuth 2.0 access tokens that can be used as Bearer authorization header in HTTP requests. Can use either Resource Owner Password Credentials Grant or Client Credentials Grant. Client authentication can be done with either HTTP Basic authentication or in the request body.

Tags¶

access token, authorization, http, oauth2, provider

Properties¶

In the list below required Properties are shown with an asterisk (*). Other properties are considered optional. The table also indicates any default values, and whether a property supports the NiFi Expression Language.

Display Name

API Name

Default Value

Allowable Values

Description

HTTP Protocols *

HTTP Protocols

H2_HTTP_1_1

  • http/1.1

  • h2 http/1.1

  • h2

HTTP Protocols supported for Application Layer Protocol Negotiation with TLS

Audience

audience

Audience for the access token request defined in RFC 8693 Section 2.1

Authorization Server URL *

authorization-server-url

The URL of the authorization server that issues access tokens.

Client Authentication Strategy *

client-authentication-strategy

REQUEST_BODY

  • REQUEST_BODY

  • BASIC_AUTHENTICATION

Strategy for authenticating the client against the OAuth2 token provider service.

Client ID

client-id

Client secret *

client-secret

Grant Type *

grant-type

password

  • User Password

  • Client Credentials

  • Refresh Token

The OAuth2 Grant Type to be used when acquiring an access token.

Proxy Configuration Service

proxy-configuration-service

Specifies the Proxy Configuration Controller Service to proxy network requests. Supported proxies: HTTP + AuthN

Refresh Token *

refresh-token

Refresh Token.

Refresh Window *

refresh-window

0 s

The service will attempt to refresh tokens expiring within the refresh window, subtracting the configured duration from the token expiration.

Resource

resource

Resource URI for the access token request defined in RFC 8707 Section 2

Scope

scope

Space-delimited, case-sensitive list of scopes of the access request (as per the OAuth 2.0 specification)

Password *

service-password

Password for the username on the service that is being accessed.

Username *

service-user-name

Username on the service that is being accessed.

SSL Context Service

ssl-context-service

State management¶

This component does not store state.

Restricted¶

This component is not restricted.

System Resource Considerations¶

This component does not specify system resource considerations.

Language: English