On Mon, 2022-12-05 at 11:53 -0500, larry mccay wrote: > > > Hi Oleg - > > > > Happy to see Bearer Tokens coming in as a first class auth scheme. > > > > Can you be a bit clearer on continued support for SPNEGO and > > KERBEROS > > going forward for those still using them? > > Disabling them by default means that we will need to explicitly > > enable > > them? > > Deprecating them means that you plan to remove them completely? > > > > thanks! > > > > --larry > >
Hi Larry According to Michael, who is the only developer with Kerberos expertise in our project, SPNEGO / Kerberos auth schemes in all versions of HttpClient are irreparably broken. Those auth modules have already been marked experimental in the 5.x code line. In the long run we cannot ship features we are not able to properly support. The plan is to disable and deprecate them in 5.3 and remove them entirely in 6.0 (if it ever happens). One would need to explicitly enable those auth schemes as of 5.3 in order to continue using them. Oleg > > On Sat, Dec 3, 2022 at 6:48 AM Oleg Kalnichevski <ol...@apache.org> > > wrote: > > > > > Folks > > > > > > Feel free to review and comment. > > > > > > The change-set in this branch adds support for the Bearer auth > > > scheme > > > as defined in RFC 6750 > > > > > > > > > https://github.com/apache/httpcomponents-client/compare/master...bearer_auth_support > > > > > > The Bearer scheme can be used with OAuth 2.0, JWT and presumably > > > any > > > other type of tokens. > > > > > > As the next step I would like to deprecate NTLM, SPNEGO and > > > KERBEROS > > > schemes in favor of standard Basic / Bearer over TLS and to > > > disable > > > them by default. > > > > > > Oleg > > > > > > ----------------------------------------------------------------- > > > ---- > > > To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org > > > For additional commands, e-mail: dev-h...@hc.apache.org > > > > > >
