syncope-dev mailing list archives

From Francesco Chicchiriccò <ilgro...@apache.org>
Subject Re: [DISCUSS] - Support Bearer authorization for JWT tokens?
Date Fri, 23 Jun 2017 08:36:52 GMT
On 23/06/2017 10:34, Colm O hEigeartaigh wrote:
> Hi all,
>
> Larry McCay from Apache Knox (amongst other projects) raised an interesting
> point here:
>
> https://twitter.com/lmccay/status/877981989638356992
>
> Rather than use a custom header "X-Syncope-Token" to include the JWT token
> when invoking on the Syncope REST services, we might as well instead use
> the "Bearer" Authorization header to follow the standards:
>
> https://tools.ietf.org/html/rfc6750
>
> We could support both for 2.0.4 and then switch to only supporting the
> Authorization header for 2.1.0.
>
> WDYT?

+1 for the "Bearer" Authorization header proposal, more standards are 
welcome :-)

Since we introduced JWT in 2.0.3, I am not sure whether it makes sense 
to keep supporting the X-Syncope-Token header for further 2.0 releases 
or not...

Regards.

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
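
The transition discussed in this thread (accept both headers for a while, then only "Authorization: Bearer"), as an added example that is not part of the original messages and not Syncope's own code. The class name, the extractToken method and its acceptLegacy switch are hypothetical; the token value is a constructed placeholder.

```java
import java.util.Map;
import java.util.Optional;
import java.util.TreeMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class TokenHeaderExample {
    // RFC 6750 section 2.1: "Bearer" 1*SP b64token. Auth scheme names are
    // case-insensitive (RFC 7235), so "bearer" must be accepted as well.
    private static final Pattern BEARER =
            Pattern.compile("^Bearer +([A-Za-z0-9\\-._~+/]+=*)$", Pattern.CASE_INSENSITIVE);
    static final String LEGACY_HEADER = "X-Syncope-Token"; // custom header named in the thread

    /** Hypothetical helper: returns the token carried by the request, or empty. */
    static Optional<String> extractToken(Map<String, String> headers, boolean acceptLegacy) {
        // HTTP header names are case-insensitive, so normalise the lookup.
        Map<String, String> h = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        h.putAll(headers);

        String bearer = null;
        String auth = h.get("Authorization");
        if (auth != null) {
            Matcher m = BEARER.matcher(auth.trim());
            if (m.matches()) bearer = m.group(1); // other schemes (e.g. Basic) are ignored here
        }
        String legacy = acceptLegacy ? h.get(LEGACY_HEADER) : null;
        if (legacy != null) legacy = legacy.trim();

        // Two different tokens in one request is ambiguous: refuse rather than pick one.
        if (bearer != null && legacy != null && !bearer.equals(legacy)) {
            return Optional.empty();
        }
        if (bearer != null) return Optional.of(bearer);
        return Optional.ofNullable(legacy).filter(s -> !s.isEmpty());
    }

    public static void main(String[] args) {
        String jwt = "aaa.bbb.ccc"; // constructed placeholder, not a real JWT
        String other = "xxx.yyy.zzz"; // second constructed placeholder
        System.out.println(extractToken(Map.of("Authorization", "Bearer " + jwt), true));
        System.out.println(extractToken(Map.of("authorization", "bearer " + jwt), false));
        System.out.println(extractToken(Map.of(LEGACY_HEADER, jwt), true));   // transition release
        System.out.println(extractToken(Map.of(LEGACY_HEADER, jwt), false));  // legacy header dropped
        System.out.println(extractToken(Map.of("Authorization", "Basic dXNlcjpwdw=="), true));
        System.out.println(extractToken(Map.of("Authorization", "Bearer " + jwt, LEGACY_HEADER, other), true));
    }
}
```

This only locates the token in the request; signature and claim validation of the JWT happen afterwards and are unchanged by which header carried it.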
