On 23/06/2017 10:34, Colm O hEigeartaigh wrote:
> Hi all,
>
> Larry McCay from Apache Knox (amongst other projects) raised an interesting
> point here:
>
> https://twitter.com/lmccay/status/877981989638356992
>
> Rather than use a custom header "X-Syncope-Token" to include the JWT token
> when invoking on the Syncope REST services, we might as well instead use
> the "Bearer" Authorization header to follow the standards:
>
> https://tools.ietf.org/html/rfc6750
>
> We could support both for 2.0.4 and then switch to only supporting the
> Authorization header for 2.1.0.
>
> WDYT?

+1 for the "Bearer" Authorization header proposal, more standards are
welcome :-)
Since we introduced JWT in 2.0.3, I am not sure whether it makes sense
to keep supporting the X-Syncope-Token header for further 2.0 releases
or not...
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
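
The transition discussed in this thread (accept both headers for a while, then only `Authorization: Bearer`), sketched as an added example that is not part of the original messages and is not Syncope code. The function name `extract_jwt`, the `allow_legacy` switch and the sample token values are assumptions made for illustration; signature and claim validation of the returned JWT is out of scope here.

```python
from typing import Mapping, Optional

LEGACY_HEADER = "X-Syncope-Token"  # custom header named in the thread


class TokenError(ValueError):
    """Raised when a request's token headers are malformed or ambiguous."""


def extract_jwt(headers: Mapping[str, str], allow_legacy: bool = True) -> Optional[str]:
    """Return the JWT carried by a request, or None if no token was sent.

    allow_legacy=True models a release that accepts both headers;
    allow_legacy=False models an Authorization-only release.
    (Hypothetical helper: the caller must still verify the JWT.)
    """
    # HTTP header names are case-insensitive, so normalise before lookup.
    norm = {k.lower(): v.strip() for k, v in headers.items()}

    bearer = None
    auth = norm.get("authorization")
    if auth is not None:
        scheme, _, credentials = auth.partition(" ")
        # The auth scheme is matched case-insensitively; other schemes
        # (e.g. Basic) do not carry a bearer token and are skipped here.
        if scheme.lower() == "bearer":
            credentials = credentials.strip()
            if not credentials or " " in credentials:
                raise TokenError("malformed Bearer credentials")
            bearer = credentials

    legacy = norm.get(LEGACY_HEADER.lower()) if allow_legacy else None
    if legacy is not None and not legacy:
        raise TokenError("empty " + LEGACY_HEADER)

    # Two different tokens on one request is ambiguous: refuse rather than
    # silently pick one, so both code paths authenticate the same subject.
    if bearer and legacy and bearer != legacy:
        raise TokenError("conflicting tokens in Authorization and " + LEGACY_HEADER)
    return bearer or legacy
```

Rejecting a request that carries two different tokens keeps the dual-header period from becoming a confusion point between components that read different headers.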