You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2017/05/11 16:32:04 UTC
[jira] [Created] (KNOX-938) JWTProvider to accept Query Param as
well as Bearer Token
Larry McCay created KNOX-938:
--------------------------------
Summary: JWTProvider to accept Query Param as well as Bearer Token
Key: KNOX-938
URL: https://issues.apache.org/jira/browse/KNOX-938
Project: Apache Knox
Issue Type: Bug
Components: Server
Reporter: Larry McCay
Assignee: Larry McCay
Fix For: 0.13.0
By extending the ability to acquire a JWT token provided via query param as well as a bearer token, the JWTProvider will open up an opportunity for clients that are unable to set a HTTP header for the request.
These client scenarios will need to be carefully considered and this feature carefully documented to make sure that replay attacks aren't a problem by making the token available to adversaries or persisted in the clear.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)