[ https://issues.apache.org/jira/browse/HDFS-8155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14500828#comment-14500828 ]
Kai Zheng commented on HDFS-8155: --------------------------------- Hi [~jghoman], bq.We should amend the WebHDFS spec to support OAuth tokens, specifically by providing either bearer/refresh tokens in the config (RFC 4.1, with the allowance that the tokens have already been obtained to obviate the need for user interaction), or via a credential that can be exchanged for those tokens (RFC 4.3). I understand you're externalizing and defining a generic WebHDFS interface and spec for more backend stores other than just HDFS. That looks great to me. As you may use Swagger or RAML to define the REST interface and generate the spec doc accordingly, I'm not yet sure if we need to couple with OAuth2 stuff with it, or how tightly if we have to. We have already support Simple, SPNEGO and DT, how they existing methods would be defined in your spec? I would take a look. In HADOOP-11766 we're working on a generic token support for Hadoop, based on it and a general token representation or API {{AuthToken}} would have the OAuth2 token support. We're going this way because there may different OAuth2 token providers and corresponding specifics. Simply saying, in places in Hadoop codes that uses a token (say OAuth2 token), it would use the AuthToken type, and the real AuthToken implementations, corresponding token decoders and validators are pluggable and configurable. In this way it would be possible to support more tokens (like JWT token), more OAuth2 providers, avoiding to change the basic thing. How would you think this approach? I thought we should avoid coupling with OAuth2 credentials tightly. Will it work in your side to add another method like {{TokenAuth}} for the general token support in your case and plugin the OAuth2 specific things? We're working on the design and maybe you could review it then have the confirm. Thanks. > Support OAuth2 authentication in WebHDFS > ---------------------------------------- > > Key: HDFS-8155 > URL: https://issues.apache.org/jira/browse/HDFS-8155 > Project: Hadoop HDFS > Issue Type: New Feature > Components: webhdfs > Reporter: Jakob Homan > Assignee: Kai Zheng > > WebHDFS should be able to accept OAuth2 credentials. -- This message was sent by Atlassian JIRA (v6.3.4#6332)