Re: [Patch] mod_auth_bearer / mod_autht_jwt: An alternative to AJP

[Graham Leggett via dev]

On 19 Mar 2020, at 12:26, Graham Leggett <minf...@sharp.fm> wrote: On 19 Mar 2020, at 02:40, Eric Covener <cove...@gmail.com> wrote: Neat, have you thought about mod_auth_form in relation to this? Something on my wishlist has been to not put the password in the session / not continue to call the original auth provider. Yes - the two modules that will benefit from token support are mod_session (which mod_auth_form is just one possible “onramp” to obtain a session token), and mod_ssl, where the token is the cert. Getting back to this. Added in r1909409 and r1909411. There is a corresponding library for tomcat that allows it to receive bearer auth here: https://github.com/minfrin/tomcat-jwt-authenticator Regards, Graham —