[ https://issues.apache.org/jira/browse/HBASE-26668?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andor Molnar updated HBASE-26668: --------------------------------- Description: We need to define what our level of support will be for an HBase application which must run longer than the lifetime of a JWT token. The JWT 2.0 RFCs mention different kinds of tokens, notably a Refresh token may be helpful [https://datatracker.ietf.org/doc/html/rfc8693] This is inter-twined with HBASE-26667. For example, if we maintained a Refresh token in the client, we would have to build in logic (like we have for Kerberos credentials) to automatically launch a thread and know where to obtain a new JWT token from. *Idea* Once the JwtTokenProvider interface and file-based provider is ready, implement token renewal logic. Port FileWatcher class from the ZooKeeper project and watch for file changes. was: We need to define what our level of support will be for an HBase application which must run longer than the lifetime of a JWT token. The JWT 2.0 RFCs mention different kinds of tokens, notably a Refresh token may be helpful [https://datatracker.ietf.org/doc/html/rfc8693] This is inter-twined with HBASE-26667. For example, if we maintained a Refresh token in the client, we would have to build in logic (like we have for Kerberos credentials) to automatically launch a thread and know where to obtain a new JWT token from. > Define user experience for JWT renewal > -------------------------------------- > > Key: HBASE-26668 > URL: https://issues.apache.org/jira/browse/HBASE-26668 > Project: HBase > Issue Type: Sub-task > Reporter: Josh Elser > Priority: Major > Fix For: HBASE-26553 > > > We need to define what our level of support will be for an HBase application > which must run longer than the lifetime of a JWT token. > The JWT 2.0 RFCs mention different kinds of tokens, notably a Refresh token > may be helpful [https://datatracker.ietf.org/doc/html/rfc8693] > This is inter-twined with HBASE-26667. For example, if we maintained a > Refresh token in the client, we would have to build in logic (like we have > for Kerberos credentials) to automatically launch a thread and know where to > obtain a new JWT token from. > *Idea* > Once the JwtTokenProvider interface and file-based provider is ready, > implement token renewal logic. > Port FileWatcher class from the ZooKeeper project and watch for file changes. -- This message was sent by Atlassian Jira (v8.20.10#820010)