syncope-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Francesco Chicchiriccò <ilgro...@apache.org>
Subject Re: [DISCUSS] - Support Bearer authorization for JWT tokens?
Date Fri, 23 Jun 2017 10:17:27 GMT
On 23/06/2017 12:14, Colm O hEigeartaigh wrote:
> OK fair enough, here is the JIRA:
>
> https://issues.apache.org/jira/browse/SYNCOPE-112

Thanks!

> How do we maintain the release notes?

Not very efficiently ATM, I'd say: essentially, in the release process, 
there are some steps where commits related to each issue (part of the 
release) are inspected to find relevant changes which might cause 
troubles when upgrading.

Anyway, nothing prevents to start early drafting the release upgrade 
process before actual release.

Regards.

> On Fri, Jun 23, 2017 at 10:34 AM, Francesco Chicchiriccò <ilgrosso@apache.org>
wrote:
>
>> On 23/06/2017 11:17, Colm O hEigeartaigh wrote:
>>
>>> On Fri, Jun 23, 2017 at 9:36 AM, Francesco Chicchiriccò <
>>> ilgrosso@apache.org> wrote:
>>>
>>>> +1 for the "Bearer" Authorization header proposal, more standards are
>>>> welcome :-)
>>>>
>>>> Since we introduced JWT in 2.0.3, I am not sure whether it makes sense to
>>>> keep supporting the X-Syncope-Token header for further 2.0 releases or
>>>> not...
>>>>
>>> Well I guess it would break any REST clients that were written to use
>>> X-Syncope-Token for 2.0.3. It should be fairly straightforward just to
>>> check the two headers right?
>>>
>> It will break such clients for sure but we can include specific
>> instructions in the release notes.
>> My point is that such header is something introduced in 2.0.3, e.g. the
>> last stable release before 2.0.4: I am not sure we need to preserve
>> backward compatibility for that...
>>
>>
>> Regards.

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/


Mime
View raw message