[ https://issues.apache.org/jira/browse/HDFS-8155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14497039#comment-14497039 ]

Jakob Homan commented on HDFS-8155:
-----------------------------------

After HDFS-8154, it will be much easier for other backends than Hadoop to offer 
access via the WebHDFS specification.  In this environment, it would be good to 
support more types of authentication, even if Hadoop itself does not 
immediately support it.  OAuth2 would be a good candidate.  We should amend the 
WebHDFS spec to support OAuth tokens, specifically by providing either 
bearer/refresh tokens in the config ([RFC 
4.1|https://tools.ietf.org/html/rfc6749#section-4.1], with the allowance that 
the tokens have already been obtained to obviate the need for user 
interaction), or via a credential that can be exchanged for those tokens ([RFC 
4.3|https://tools.ietf.org/html/rfc6749#section-4.3]).
This would allow a WebHDFS backend to support either OAuth2 or SPNEGO.  WebHDFS 
backends (including Hadoop) would only be expected to support one type of 
authentication per system and would be able to reject calls made using another 
type.
Under this proposal, post HDFS-8154, the WebHDFSFileSystem will need to be 
updated to support presenting OAuth credentials, but it is not necessary to 
modify the Namenode or Datanodes to accept them.  That can be done as part of 
HADOOP-11744.

> Support OAuth2 authentication in WebHDFS
> ----------------------------------------
>
>                 Key: HDFS-8155
>                 URL: https://issues.apache.org/jira/browse/HDFS-8155
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: webhdfs
>            Reporter: Jakob Homan
>
> WebHDFS should be able to accept OAuth2 credentials.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
