[
https://issues.apache.org/jira/browse/QPID-7029?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15123380#comment-15123380
]
Rob Godfrey commented on QPID-7029:
-----------------------------------
See [RFC-6750|https://tools.ietf.org/html/rfc6750] relating to using bearer
tokens for authorization (in particular section 2.1).
The responsibility of the preemptive authenticator will be at most to check to
see if the authentication provider for the port is an OAuth2 provider, then to
see if the request header carries a bearer token, and if so to pass that bearer
token to the OAuth2 Authentication Provider to attempt authorization.
> [Java Broker] Add OAuth2 PreemptiveAuthenticator
> ------------------------------------------------
>
> Key: QPID-7029
> URL: https://issues.apache.org/jira/browse/QPID-7029
> Project: Qpid
> Issue Type: New Feature
> Components: Java Broker
> Reporter: Lorenz Quack
>
> We want to support non-browser use cases like cURL. To play nice with the
> OAuth2 AuthenticationProvider (QPID-7028) we need a PreemptiveAuthenticator.
> It should look for the auth grant or auth code in the request header and if
> present forward it to the OAuth2AuthenticationProvider.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
