openwhisk-dev mailing list archives

From Carlos Santana <>
Subject Re: oauth token verification in the controller
Date Fri, 21 Jun 2019 11:56:49 GMT
Rodric, I think no one will object to having additional authentication methods, but the devil is
in the details :-)

Also, when you say things like “replace” with no more context, some folks who are using
the software in production quickly jump to the conclusion: “Now I have thousands of
end users who suddenly can’t authenticate and applications in the field broken :sob:”

The current auth SPI, I believe, allows the controller to be customized to handle an authorization
header of “Bearer” token instead of “Basic”.

If you are referring to OAuth 2.0, it is quite large, but maybe you're referring to discussing “Scopes”
in an OpenWhisk world, the ability to have finer-grained control.

For example, the ability to have a token with a scope that has the ability to delete artifacts vs a
token that is only allowed to create but not delete vs a token that is only allowed to invoke
a trigger with a “long” expiration time and nothing else.

- Carlos Santana

> On Jun 21, 2019, at 7:23 AM, Rodric Rabbah <> wrote:
> I'm curious if anyone has thought about or implemented an oauth based
> authentication mechanism in the controller. I've thought about replacing
> the subject authentication with oauth and think it would not be a lot of
> work to do although it does have some wider implications.
> -r
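
The scoped tokens described in the message above, sketched as an added example (not part of the original email and not OpenWhisk code). The scope names, the operation-to-scope table and the sample claims are assumptions, and the claims are taken as already signature-verified.

```python
import time

# Hypothetical scope names and mapping; OpenWhisk defines no such scopes.
REQUIRED_SCOPE = {
    ("PUT", "actions"): "artifact:create",
    ("DELETE", "actions"): "artifact:delete",
    ("PUT", "triggers"): "artifact:create",
    ("DELETE", "triggers"): "artifact:delete",
    ("POST", "triggers"): "trigger:fire",
}

def bearer_token(header):
    """Return the token from an 'Authorization: Bearer ...' value, else None."""
    parts = (header or "").split()
    if len(parts) == 2 and parts[0].lower() == "bearer":
        return parts[1]
    return None  # e.g. "Basic ..." is left to the existing auth path

def authorize(claims, method, collection, now=None):
    """Decide on already-verified claims; anything not listed is denied."""
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return False, "expired"
    needed = REQUIRED_SCOPE.get((method.upper(), collection))
    if needed is None:
        return False, "no scope defined for operation"
    granted = set(str(claims.get("scope", "")).split())  # space-delimited scopes
    if needed not in granted:
        return False, "missing scope " + needed
    return True, "ok"

# Constructed sample claims matching the three tokens described in the message.
NOW = 1_561_118_209  # constructed timestamp
ADMIN = {"scope": "artifact:create artifact:delete", "exp": NOW + 3600}
CREATOR = {"scope": "artifact:create", "exp": NOW + 3600}
TRIGGER_ONLY = {"scope": "trigger:fire", "exp": NOW + 365 * 86400}  # "long" expiry

if __name__ == "__main__":
    for name, c in [("admin", ADMIN), ("creator", CREATOR), ("trigger", TRIGGER_ONLY)]:
        for op in [("PUT", "actions"), ("DELETE", "actions"), ("POST", "triggers")]:
            print(name, op, authorize(c, *op, now=NOW))
```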
