You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Graham Leggett via dev <de...@httpd.apache.org> on 2023/04/25 17:59:20 UTC

Re: [Patch] mod_auth_bearer / mod_autht_jwt: An alternative to AJP

On 19 Mar 2020, at 12:26, Graham Leggett <mi...@sharp.fm> wrote:

  

> On 19 Mar 2020, at 02:40, Eric Covener
> <[covener@gmail.com](mailto:covener@gmail.com)> wrote:
>
>  
>
>

>> Neat, have you thought about mod_auth_form in relation to this?  
> Something on my wishlist has been to not put the password in the  
> session / not continue to call the original auth provider.
>
>  
>
>
> Yes - the two modules that will benefit from token support are mod_session
> (which mod_auth_form is just one possible “onramp” to obtain a session
> token), and mod_ssl, where the token is the cert.

  

Getting back to this.

  

Added in r1909409 and r1909411.

  

There is a corresponding library for tomcat that allows it to receive bearer
auth here: <https://github.com/minfrin/tomcat-jwt-authenticator>

  

Regards,

Graham

—