[jira] [Work logged] (KNOX-3109) Passcode Tokens to use as Bearer Token

Sat, 05 Apr 2025 10:46:20 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-3109?focusedWorklogId=962231&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-962231
 ]

ASF GitHub Bot logged work on KNOX-3109:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 18/Mar/25 08:11
            Start Date: 18/Mar/25 08:11
    Worklog Time Spent: 10m 
      Work Description: smolnar82 commented on code in PR #1005:
URL: https://github.com/apache/knox/pull/1005#discussion_r2000434869


##########
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java:
##########
@@ -279,7 +279,14 @@ public Pair<TokenType, String> getWireToken(final 
ServletRequest request) throws
               // what follows the bearer designator should be the JWT token 
being used
               // to request or as an access token
               token = header.substring(BEARER.length());
-              parsed = Pair.of(TokenType.JWT, token);
+
+              // if this appears to be a JWT token then attempt to use it as 
such
+              // otherwise assume it is a passcode token
+              if (isJWT(token)) {

Review Comment:
   I'm not sure I like this approach. What if `getWireToken` actually returns a 
`WireTokenResult` (abstract) with 2 sub-classes:
   - one holds a JWTToken (tokenType = JWT)
   - another one holds a Passcode token (tokenType = Passcode)
   
   Then `getWireToken` could actually try and parse the header value and could 
handle `ParseException` if it's not a JWT. Please note this is still a cheap 
String operation in the background (i.e. no signature verification yet).
   
   What do you think?





Issue Time Tracking
-------------------

    Worklog Id:     (was: 962231)
    Time Spent: 20m  (was: 10m)

> Passcode Tokens to use as Bearer Token
> --------------------------------------
>
>                 Key: KNOX-3109
>                 URL: https://issues.apache.org/jira/browse/KNOX-3109
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>            Priority: Major
>             Fix For: 2.2.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Currently, passcode tokens can only be used as passwords with HTTP Basic 
> authentication headers.
> This change will enable them to be accepted as Authorization: Bearer tokens.
> Will need to be able to distinguish between a JWT and a Passcode token when 
> presented as a Bearer token.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to