...
- Client posts the client-id and client-secret to the token endpoint URL using specified authentication type and receives an access token or error message. At this point implementation should cache the token.
- Client sends the access token to the REST API endpoint using the client_secret_basic authentication type.
- REST API implementation validates the token using the JWKS URL.
Tickets
[IGNITE-19597] Ignite3 Basic Authentication Support - ASF JIRA (apache.org)