Posted to notifications@james.apache.org by bt...@apache.org on 2020/11/30 12:12:32 UTC

[james-project] 06/07: JAMES-2884 Document authentication on top of JMAP RFC-8621

This is an automated email from the ASF dual-hosted git repository.

btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git

commit ea51ec081fb5fba1d4f8aa9e2fadfce0f001576c
Author: Benoit Tellier <bt...@linagora.com>
AuthorDate: Mon Nov 30 09:02:00 2020 +0700

    JAMES-2884 Document authentication on top of JMAP RFC-8621
---
 .../doc/specs/spec/authentication.mdown            | 32 ++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/server/protocols/jmap-rfc-8621/doc/specs/spec/authentication.mdown b/server/protocols/jmap-rfc-8621/doc/specs/spec/authentication.mdown
new file mode 100644
index 0000000..1f14a3d
--- /dev/null
+++ b/server/protocols/jmap-rfc-8621/doc/specs/spec/authentication.mdown
@@ -0,0 +1,32 @@
+# Authentication
+
+JMAP RFC-8620 deliberately does not address authentication concerns, and only assumes authenticated requests are handled.
+
+Discovery of available authentication mechanism is not part of the JMAP specification.
+
+This document summarizes available authentication mechanism on top of JMAP RFC-8621 implementation as part of the James
+project.
+
+## Basic authentication
+
+James JMAP RFC-8621 supports [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication).
+
+Please note that while convenient for testing purpose, this authentication mechanism should not be used for production
+workflow: the credentials are transmitted again and over again, should be retained in memory, authentication is
+challenged for each request...
+
+## JWT authentication
+
+We rely on a third party software to supply a signed JWT token, valid according to the James JWT public key.
+If valid, the request is blindly trusted.
+
+[Read more](https://github.com/apache/james-project/blob/master/docs/modules/servers/pages/distributed/configure/jmap.adoc#generating-a-jwt-key-pair).
+
+## Implementing new authentication mechanisms
+
+Administrator might need to adapt authentication to their needs.
+
+To implement custom authentication mechanisms, you need to implement `org.apache.james.jmap.http.AuthenticationStrategy`
+and register it in `RFC8621MethodsModule::provideAuthenticator`.
+
+Note that the Apache James project would happily welcome contributions regarding support of other authentication flows.
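Review bot: In the "JWT authentication" section, "If valid, the request is blindly trusted" does not state the trust contract: it never says which claim identifies the user the request is executed as, nor whether anything beyond the signature (for example expiry) is checked. Please spell out what "valid" covers and which claim carries the identity, since as written the party holding the signing key fully decides who is authenticated and operators need to know that when choosing the third party. In the "Basic authentication" paragraph, "should be retained in memory" is ambiguous about whether the client or the server retains the credentials, and "again and over again" should read "over and over again"; the list of drawbacks would also be stronger if it said that Basic credentials are only base64-encoded and therefore depend entirely on TLS for confidentiality. Minor: "available authentication mechanism" should be plural in both places it appears, and "Administrator might need" should be "Administrators might need".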

