[ https://issues.apache.org/jira/browse/HDFS-8155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14497039#comment-14497039 ]
Jakob Homan commented on HDFS-8155: ----------------------------------- After HDFS-8154, it will be much easier for other backends than Hadoop to offer access via the WebHDFS specification. In this environment, it would be good to support more types of authentication, even if Hadoop itself does not immediately support it. OAuth2 would be a good candidate. We should amend the WebHDFS spec to support OAuth tokens, specifically by providing either bearer/refresh tokens in the config ([RFC 4.1|https://tools.ietf.org/html/rfc6749#section-4.1], with the allowance that the tokens have already been obtained to obviate the need for user interaction), or via a credential that can be exchanged for those tokens ([RFC 4.3|https://tools.ietf.org/html/rfc6749#section-4.3]). This would allow a WebHDFS backed to support either OAuth2 or SPENGO. WebHDFS backends (including Hadoop) would only be expected to support one type of authentication per system and would be able to reject calls made using another type. Under this proposal, post HDFS-8154, the WebHDFSFileSystem will need to be updated to support presenting OAuth credentials, but it is not necessary to modify the Namenode or Datanodes to accept them. That can be done as part of HADOOP-11744. > Support OAuth2 authentication in WebHDFS > ---------------------------------------- > > Key: HDFS-8155 > URL: https://issues.apache.org/jira/browse/HDFS-8155 > Project: Hadoop HDFS > Issue Type: New Feature > Components: webhdfs > Reporter: Jakob Homan > > WebHDFS should be able to accept OAuth2 credentials. -- This message was sent by Atlassian JIRA (v6.3.4#6332)