[jira] [Commented] (HDFS-8155) Support OAuth2 authentication in WebHDFS

Fri, 17 Apr 2015 15:41:41 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-8155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14500828#comment-14500828
 ] 

Kai Zheng commented on HDFS-8155:
---------------------------------

Hi [~jghoman],
bq.We should amend the WebHDFS spec to support OAuth tokens, specifically by 
providing either bearer/refresh tokens in the config (RFC 4.1, with the 
allowance that the tokens have already been obtained to obviate the need for 
user interaction), or via a credential that can be exchanged for those tokens 
(RFC 4.3).
I understand you're externalizing and defining a generic WebHDFS interface and 
spec for more backend stores other than just HDFS. That looks great to me. As 
you may use Swagger or RAML to define the REST interface and generate the spec 
doc accordingly, I'm not yet sure if we need to couple with OAuth2 stuff with 
it, or how tightly if we have to. We have already support Simple, SPNEGO and 
DT, how they existing methods would be defined in your spec? I would take a 
look. In HADOOP-11766 we're working on a generic token support for Hadoop, 
based on it and a general token representation or API {{AuthToken}} would have 
the OAuth2 token support. We're going this way because there may different 
OAuth2 token providers and corresponding specifics. Simply saying, in places in 
Hadoop codes that uses a token (say OAuth2 token), it would use the AuthToken 
type, and the real AuthToken implementations, corresponding token decoders and 
validators are pluggable and configurable. In this way it would be possible to 
support more tokens (like JWT token), more OAuth2 providers, avoiding to change 
the basic thing. How would you think this approach? I thought we should avoid 
coupling with OAuth2 credentials tightly. Will it work in your side to add 
another method like {{TokenAuth}} for the general token support in your case 
and plugin the OAuth2 specific things? We're working on the design and maybe 
you could review it then have the confirm. Thanks.

> Support OAuth2 authentication in WebHDFS
> ----------------------------------------
>
>                 Key: HDFS-8155
>                 URL: https://issues.apache.org/jira/browse/HDFS-8155
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: webhdfs
>            Reporter: Jakob Homan
>            Assignee: Kai Zheng
>
> WebHDFS should be able to accept OAuth2 credentials.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to