You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Graham Leggett via dev <de...@httpd.apache.org> on 2023/04/25 17:59:20 UTC
Re: [Patch] mod_auth_bearer / mod_autht_jwt: An alternative to AJP
On 19 Mar 2020, at 12:26, Graham Leggett <mi...@sharp.fm> wrote:
> On 19 Mar 2020, at 02:40, Eric Covener
> <[covener@gmail.com](mailto:covener@gmail.com)> wrote:
>
>
>
>
>> Neat, have you thought about mod_auth_form in relation to this?
> Something on my wishlist has been to not put the password in the
> session / not continue to call the original auth provider.
>
>
>
>
> Yes - the two modules that will benefit from token support are mod_session
> (which mod_auth_form is just one possible “onramp” to obtain a session
> token), and mod_ssl, where the token is the cert.
Getting back to this.
Added in r1909409 and r1909411.
There is a corresponding library for tomcat that allows it to receive bearer
auth here: <https://github.com/minfrin/tomcat-jwt-authenticator>
Regards,
Graham
—