[jira] [Work logged] (KNOX-3109) Passcode Tokens to use as Bearer Token

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/KNOX-3109?focusedWorklogId=962345&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-962345
 ]

ASF GitHub Bot logged work on KNOX-3109:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 18/Mar/25 15:13
            Start Date: 18/Mar/25 15:13
    Worklog Time Spent: 10m 
      Work Description: lmccay commented on code in PR #1005:
URL: https://github.com/apache/knox/pull/1005#discussion_r2001296584


##########
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java:
##########
@@ -279,7 +279,14 @@ public Pair<TokenType, String> getWireToken(final 
ServletRequest request) throws
               // what follows the bearer designator should be the JWT token 
being used
               // to request or as an access token
               token = header.substring(BEARER.length());
-              parsed = Pair.of(TokenType.JWT, token);
+
+              // if this appears to be a JWT token then attempt to use it as 
such
+              // otherwise assume it is a passcode token
+              if (isJWT(token)) {

Review Comment:
   hmmm, I don't really follow. getWireToken already returns Pair<TokenType, 
String> which is essentially the same thing, no? Are you suggesting that we 
refactor that to push it through the JWTToken ctor and catch an exception on 
every passcode use? Throwing exceptions for flow control is generally a poor 
practice for performance and design reasons. The current implementation only 
throws exceptions in exceptional conditions. Are you suggesting something other 
than my assumptions here?





Issue Time Tracking
-------------------

    Worklog Id:     (was: 962345)
    Time Spent: 0.5h  (was: 20m)

> Passcode Tokens to use as Bearer Token
> --------------------------------------
>
>                 Key: KNOX-3109
>                 URL: https://issues.apache.org/jira/browse/KNOX-3109
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>            Priority: Major
>             Fix For: 2.2.0
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Currently, passcode tokens can only be used as passwords with HTTP Basic 
> authentication headers.
> This change will enable them to be accepted as Authorization: Bearer tokens.
> Will need to be able to distinguish between a JWT and a Passcode token when 
> presented as a Bearer token.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)