Hi, Mikhail > Then the REST client’s exchange with the node will follow the flow: > Client posts the client-id and client-secret to the token endpoint URL using > specified authentication type and receives an access token or error message. > At this point implementation should cache the token. > Client sends the access token to the REST API endpoint using the > client_secret_basic authentication type. > REST API implementation validates the token using the JWKS URL. >
^^ does not sound like a Basic Authentication that is used to be just a base64 encoded username-password pair. Shall we rename the proposal to "Authentication in Apache Ignite 3"? One more question, could you please describe the security-related about how should we store the password on the server? -- Best regards, Aleksandr > On 31 May 2023, at 09:34, Mikhail Pochatkin <m.a.pochat...@gmail.com> wrote: > > Hi, Igniters! > > Please take a look at the proposal for Basic Authentication in Apache > Ignite 3 [1]. > > Thanks for any feedback! > > 1. IEP-106: Basic Authentication - Apache Ignite - Apache Software > Foundation > <https://cwiki.apache.org/confluence/display/IGNITE/IEP-106%3A+Basic+Authentication>
