You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently core.auth module contains bunch of implementations which should go to core.auth.core. I am sure that handling of apitoken is essential, yet it should be a separate module and separate credential type.
Also present state of auth handling breaks primary principle from times it was first designed where there was:
Credential Extractor (a context specific type which is responsible for sourcing auth information)
Authentication Provider (realization of authentication logic)
Authentication Manager (entry point to perform authentication)
At present handling of JWT is done in authentication filter down in rest.auth. Given that JWT is rather standardized kind of credentials we are able to create valid extractor as well as implement relevant authentication provider who will handle this kind of credentials.
Main point of this is to support federated login operations when user identity is managed externally from OH (ie. in NAS system prefered by user).
The text was updated successfully, but these errors were encountered:
The main point is usage of CredentialExtractor API and delegation of all security related operations to AuthenticationManager and multiple implementations of AuthenticationProvider.
Relates to #16
Signed-off-by: Łukasz Dywicki <[email protected]>
Currently
core.auth
module contains bunch of implementations which should go tocore.auth.core
. I am sure that handling ofapitoken
is essential, yet it should be a separate module and separate credential type.Also present state of auth handling breaks primary principle from times it was first designed where there was:
At present handling of JWT is done in authentication filter down in
rest.auth
. Given that JWT is rather standardized kind of credentials we are able to create valid extractor as well as implement relevant authentication provider who will handle this kind of credentials.Main point of this is to support federated login operations when user identity is managed externally from OH (ie. in NAS system prefered by user).
The text was updated successfully, but these errors were encountered: