Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/10/28 04:57:12 UTC

[GitHub] [pulsar] nodece commented on pull request #18130: [fix][broker] Fix update authentication data

nodece commented on PR #18130:
URL: https://github.com/apache/pulsar/pull/18130#issuecomment-1294457200

   > Is authentication data supposed to dynamically change?
   
   Yes, we can dynamically change the authentication data by auth challenge.
   
   > We require the role to stay the same across authentication refreshes, which implies to me that the rest of the data is supposed to be static. That might not be how it is used, in practice, though.
   
   Usually, the authentication data need to change.
   
   > Why do we need to verify the `originalAuthenticationData`?
   
   The `originalAuthenticationData` comes from the user client, forwarded by the proxy, so we must verify that. When there is no proxy, we only check `authenticationData`; the old code is right.
   
   We have two authentication data, one from the proxy, and one from the client. When the authentication has an expired limit, the authentication flow is complex, and causes some authentication issues.
   

