You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@jena.apache.org by an...@apache.org on 2022/05/24 12:22:27 UTC

[jena-site] branch main-next created (now 27fcae32b)

This is an automated email from the ASF dual-hosted git repository.

andy pushed a change to branch main-next
in repository https://gitbox.apache.org/repos/asf/jena-site.git


      at 27fcae32b Documentation for bearer auth support

This branch includes the following new commits:

     new 27fcae32b Documentation for bearer auth support

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[jena-site] 01/01: Documentation for bearer auth support

Posted by an...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

andy pushed a commit to branch main-next
in repository https://gitbox.apache.org/repos/asf/jena-site.git

commit 27fcae32bb2dc847a9fe835e155746dd3ef2121d
Author: Andy Seaborne <an...@apache.org>
AuthorDate: Tue May 24 13:22:20 2022 +0100

    Documentation for bearer auth support
---
 source/documentation/sparql-apis/http-auth.md | 38 ++++++++++++++++++++++++---
 1 file changed, 34 insertions(+), 4 deletions(-)

diff --git a/source/documentation/sparql-apis/http-auth.md b/source/documentation/sparql-apis/http-auth.md
index a5742bc4f..f742cef98 100644
--- a/source/documentation/sparql-apis/http-auth.md
+++ b/source/documentation/sparql-apis/http-auth.md
@@ -38,9 +38,14 @@ information.  To make this automatic, the first request must not be a streaming
 request (the stream is not repeatable). All HTTP request generated by Jena are
 repeatable.
 
-The URL can contain a `userinfo` part, either the `users@host` form, or the `user:password@host` form.
-If just the user is given, the authentication environment is consulted for registered users-password information. If user and password is given, the details as given are used. This latter form is not recommended and should only be used if necessary because the password is in-clear in the SPARQL
-query.
+The URL can contain a `userinfo` part, either the `users@host` form, or the
+`user:password@host` form.  If just the user is given, the authentication
+environment is consulted for registered users-password information. If user and
+password is given, the details as given are used. This latter form is not
+recommended and should only be used if necessary because the password is
+in-clear in the SPARQL query.
+
+Jena also has [support for bearer authentication](#bearer-authentication).
 
 ### JDK HttpClient.authenticator
 
@@ -137,6 +142,31 @@ used.
     }
 ```
 
-## Examples
+## Authentication Examples
 
 [jena-examples:arq/examples/auth/](https://github.com/apache/jena/tree/main/jena-examples/src/main/java/arq/examples/auth).
+
+## Bearer Authentication
+
+Bearer authentication requires that the application to obtain a token to present
+to the server.
+
+* [RFC 6750](https://tools.ietf.org/html/rfc6750)
+* [RFC 6751](https://tools.ietf.org/html/rfc6751)
+* [JSON Web Tokens (JWT)](https://tools.ietf.org/html/rfc7519)
+* [JSON Web Token Best Current Practices](https://tools.ietf.org/html/rfc8725)
+
+How this token is obtained depends on the deployment environment. 
+
+The application can either register the token to be used:
+
+```
+    AuthEnv.get().addBearerToken(targetURL, jwtString);
+```
+
+or can provide a token provider for 401 challeneges stating bearer authentication.
+
+```
+    AuthEnv.get().setBearerTokenProvider( 
+        (uri, challenge)->{ ... ; return jwtString; });
+```