You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2017/05/11 16:32:04 UTC

[jira] [Created] (KNOX-938) JWTProvider to accept Query Param as well as Bearer Token

Larry McCay created KNOX-938:
--------------------------------

             Summary: JWTProvider to accept Query Param as well as Bearer Token
                 Key: KNOX-938
                 URL: https://issues.apache.org/jira/browse/KNOX-938
             Project: Apache Knox
          Issue Type: Bug
          Components: Server
            Reporter: Larry McCay
            Assignee: Larry McCay
             Fix For: 0.13.0


By extending the ability to acquire a JWT token provided via query param as well as a bearer token, the JWTProvider will open up an opportunity for clients that are unable to set a HTTP header for the request.

These client scenarios will need to be carefully considered and this feature carefully documented to make sure that replay attacks aren't a problem by making the token available to adversaries or persisted in the clear.




--
This message was sent by Atlassian JIRA
(v6.3.15#6346)