[Pulp-dev] Pulp3 - JWT Authorization Header
dkliban at redhat.com
Mon Oct 30 14:59:15 UTC 2017
On Mon, Oct 30, 2017 at 10:55 AM, Brian Bouterse <bbouters at redhat.com>
> I think it would be ideal if we used 'Bearer: ' instead of 'JWT: '. If you
> use our docs, you'll be able to submit your JWT correctly. If you say 'oh I
> see Pulp uses JWT' and you follow the example in the official (I think?)
> JWT site  you'll submit a JWT to Pulp using those docs it won't work.
> This is also a problem in practice; I've heard of two separate occasions
> where JWT was thought to be broken because it was submitted 'Bearer: '
> which Pulp wants 'JWT: '.
> The reasoning for the plugin to choose JWT over Bearer has to do with
> their goals of being able to be used side-by-side a OAuth2 *and* allow your
> auth types to be in any order. I don't think this affects Pulp because Pulp
> isn't supporting OAuth2 anytime soon if ever, and even if we do, I don't
> think that's a good reason to invent a new way to submit a JWT (which they
> I'm +1 to filing a story against Pulp to configure our usage of the plugin
> to have the JWT be submitted using 'Bearer: ' instead of 'JWT: '. Shall I
> file this? What do you all think?
+1 to this as well.
> : https://jwt.io/introduction/
> On Fri, Oct 27, 2017 at 9:03 AM, David Davis <daviddavis at redhat.com>
>> There was some discussion on the PR about this:
>> Basically the package we’re using decided on JWT. See their reasoning
>> On Fri, Oct 27, 2017 at 8:26 AM, Kersom Moura Oliveira <kersom at redhat.com
>> > wrote:
>>> I noticed that JWT authorization header was adopted as the default one
>>> for Pulp3. 
>>> Also I read in a few places about Bearer authorization header, as the
>>> typical one used for JWT.
>>> Is there a specific reason to chose one over the other in Pulp3?
>>>  https://docs.pulpproject.org/en/3.0/nightly/integration_guid
>>>  https://jwt.io/introduction/
>>>  https://tools.ietf.org/html/rfc6750
>>> [3 ]https://tools.ietf.org/html/rfc7523
>>> Pulp-dev mailing list
>>> Pulp-dev at redhat.com
>> Pulp-dev mailing list
>> Pulp-dev at redhat.com
> Pulp-dev mailing list
> Pulp-dev at redhat.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pulp-dev