Thanks @daviddavis. That seems very straightforward. I wrote this issue up here [0]. Please someone ask questions, send ideas/concerns, or click groom.
[0]: https://pulp.plan.io/issues/3107

On Mon, Oct 30, 2017 at 11:53 AM, David Davis <davidda...@redhat.com> wrote:

> I dug into this and it looks like it’s as easy as
> setting JWT_AUTH_HEADER_PREFIX to “Bearer”[0]. So +1 from me.
>
> http://getblimp.github.io/django-rest-framework-jwt/#additional-settings
>
>
> David
>
> On Mon, Oct 30, 2017 at 10:59 AM, Dennis Kliban <dkli...@redhat.com>
> wrote:
>
>> On Mon, Oct 30, 2017 at 10:55 AM, Brian Bouterse <bbout...@redhat.com>
>> wrote:
>>
>>> I think it would be ideal if we used 'Bearer: ' instead of 'JWT: '. If
>>> you use our docs, you'll be able to submit your JWT correctly. If you say
>>> 'oh I see Pulp uses JWT' and you follow the example in the official (I
>>> think?) JWT site [0], you'll submit a JWT to Pulp using those docs and it
>>> won't work. This is also a problem in practice; I've heard of two separate
>>> occasions where JWT was thought to be broken because it was submitted as
>>> 'Bearer: ' while Pulp wants 'JWT: '.
>>>
>>> The reasoning for the plugin to choose JWT over Bearer has to do with
>>> their goals of being able to be used side-by-side with OAuth2 *and* allow
>>> your auth types to be in any order. I don't think this affects Pulp because
>>> Pulp isn't supporting OAuth2 anytime soon if ever, and even if we do, I
>>> don't think that's a good reason to invent a new way to submit a JWT (which
>>> they did).
>>>
>>> I'm +1 to filing a story against Pulp to configure our usage of the
>>> plugin to have the JWT be submitted using 'Bearer: ' instead of 'JWT: '.
>>> Shall I file this? What do you all think?
>>>
>>
>> +1 to this as well.
>>
>>> [0]: https://jwt.io/introduction/
>>>
>>> -Brian
>>>
>>>
>>> On Fri, Oct 27, 2017 at 9:03 AM, David Davis <davidda...@redhat.com>
>>> wrote:
>>>
>>>> There was some discussion on the PR about this:
>>>>
>>>> https://github.com/pulp/pulp/pull/3109#discussion_r138202256
>>>>
>>>> Basically the package we’re using decided on JWT. See their reasoning
>>>> here:
>>>>
>>>> https://github.com/GetBlimp/django-rest-framework-jwt/pull/4
>>>>
>>>>
>>>> David
>>>>
>>>> On Fri, Oct 27, 2017 at 8:26 AM, Kersom Moura Oliveira <
>>>> ker...@redhat.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I noticed that JWT authorization header was adopted as the default one
>>>>> for Pulp3. [0]
>>>>>
>>>>> Also I read in a few places about Bearer authorization header, as the
>>>>> typical one used for JWT.[1]
>>>>>
>>>>> Is there a specific reason to choose one over the other in Pulp3?
>>>>>
>>>>> Regards,
>>>>>
>>>>> [0] https://docs.pulpproject.org/en/3.0/nightly/integration_guide/rest_api/authentication.html#using-a-token
>>>>> [1] https://jwt.io/introduction/
>>>>> [2] https://tools.ietf.org/html/rfc6750
>>>>> [3] https://tools.ietf.org/html/rfc7523

_______________________________________________
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev
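
Added example, not part of the thread and not Pulp's or the plugin's own code: a simplified model of matching the Authorization scheme against a single configured prefix, showing which client headers yield a token under the "JWT" prefix and under "Bearer". The names extract_token, InvalidHeader, HEADERS and outcomes are hypothetical and the token is a constructed sample; RFC 6750 [2] writes the header as "Authorization: Bearer <token>".

```python
# Added example: a simplified model of matching the Authorization scheme
# against one configured prefix. Not django-rest-framework-jwt's or Pulp's code.
# In a Django settings module the prefix discussed in the thread is set as:
#   JWT_AUTH = {"JWT_AUTH_HEADER_PREFIX": "Bearer"}


class InvalidHeader(Exception):
    """The scheme matched but the credentials part is malformed."""


def extract_token(authorization, prefix):
    """Return the token when the header's scheme equals `prefix`, else None.

    None means the header is not handled by this authenticator, so the
    request ends up unauthenticated even though the token may be valid.
    """
    parts = (authorization or "").split()
    if not parts or parts[0].lower() != prefix.lower():
        return None
    if len(parts) != 2:
        raise InvalidHeader("expected '<scheme> <token>'")
    return parts[1]


# Constructed sample token, not a real credential.
TOKEN = "eyJhbGciOiJIUzI1NiJ9.e30.c2lnbmF0dXJl"

# Constructed header values a client might send.
HEADERS = {
    "bearer": f"Bearer {TOKEN}",         # RFC 6750 form
    "jwt": f"JWT {TOKEN}",               # form the thread says Pulp expects
    "bearer_colon": f"Bearer: {TOKEN}",  # colon typed after the scheme
}


def outcomes(prefix):
    """Map each sample header to True if a server using `prefix` reads a token."""
    return {name: extract_token(value, prefix) == TOKEN
            for name, value in HEADERS.items()}


if __name__ == "__main__":
    for prefix in ("JWT", "Bearer"):
        print(prefix, outcomes(prefix))
```

In this model only one scheme is accepted at a time, so clients still sending "JWT <token>" need updating together with the setting.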