StandardOauth2AccessTokenProvider
Description
Provides OAuth 2.0 access tokens that can be used as Bearer authorization header in HTTP requests. Can use either Resource Owner Password Credentials Grant or Client Credentials Grant. Client authentication can be done with either HTTP Basic authentication or in the request body.
Tags
access token, authorization, http, oauth2, provider
Properties
In the list below required Properties are shown with an asterisk (*). Other properties are considered optional. The table also indicates any default values, and whether a property supports the NiFi Expression Language.
| Display Name | API Name | Default Value | Allowable Values | Description |
|---|---|---|---|---|
| Authorization Server URL * | authorization-server-url | The URL of the authorization server that issues access tokens. Supports Expression Language, using Environment variables. | ||
| Client Authentication Strategy * | client-authentication-strategy | REQUEST_BODY |
| Strategy for authenticating the client against the OAuth2 token provider service. |
| Grant Type * | grant-type | User Password |
| The OAuth2 Grant Type to be used when acquiring an access token. |
| Username * | service-user-name | Username on the service that is being accessed. Supports Expression Language, using Environment variables. This property is only considered if:
| ||
| Password * | service-password | Password for the username on the service that is being accessed. This property is only considered if:
| ||
| Refresh Token * | refresh-token | Refresh Token. Supports Expression Language, using Environment variables. This property is only considered if:
| ||
| Client ID | client-id | Supports Expression Language, using Environment variables. | ||
| Client secret * | client-secret | This property is only considered if:
| ||
| Scope | scope | Space-delimited, case-sensitive list of scopes of the access request (as per the OAuth 2.0 specification) | ||
| Resource | resource | Resource URI for the access token request defined in RFC 8707 Section 2 | ||
| Audience | audience | Audience for the access token request defined in RFC 8693 Section 2.1 | ||
| Refresh Window * | refresh-window | 0 s | The service will attempt to refresh tokens expiring within the refresh window, subtracting the configured duration from the token expiration. | |
| SSL Context Service | ssl-context-service | Controller Service: SSLContextService Implementations: StandardRestrictedSSLContextService StandardSSLContextService | ||
| HTTP Protocols * | HTTP Protocols | h2 http/1.1 |
| HTTP Protocols supported for Application Layer Protocol Negotiation with TLS This property is only considered if:
|
| Proxy Configuration Service | proxy-configuration-service | Controller Service: ProxyConfigurationService Implementations: StandardProxyConfigurationService | Specifies the Proxy Configuration Controller Service to proxy network requests. Supported proxies: HTTP + AuthN |
State Management
This component does not store state.
Restricted
This component is not restricted.
System Resource Considerations
This component does not specify system resource considerations.