You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ignite.apache.org by Mikhail Pochatkin <m....@gmail.com> on 2023/06/16 10:35:53 UTC

Re: [DISCUSSION] IEP-105: Basic Authentication in Apache Ignite 3

Hi, Alexandr. Thanks for your feedback. I have fixed your comments

ср, 31 мая 2023 г. в 13:18, Aleksandr Pakhomov <ap...@gmail.com>:

> Hi, Mikhail
>
> > Then the REST client’s exchange with the node will follow the flow:
> > Client posts the client-id and client-secret to the token endpoint URL
> using specified authentication type and receives an access token or error
> message. At this point implementation should cache the token.
> > Client sends the access token to the REST API endpoint using the
> client_secret_basic authentication type.
> > REST API implementation validates the token using the JWKS URL.
> >
>
> ^^ does not sound like a Basic Authentication that is used to be just a
> base64 encoded username-password pair. Shall we rename the proposal to
> "Authentication in Apache Ignite 3"?
>
> One more question, could you please describe the security-related about
> how should we store the password on the server?
>
> --
> Best regards,
> Aleksandr
>
>
> > On 31 May 2023, at 09:34, Mikhail Pochatkin <m....@gmail.com>
> wrote:
> >
> > Hi, Igniters!
> >
> > Please take a look at the proposal for Basic Authentication in Apache
> > Ignite 3 [1].
> >
> > Thanks for any feedback!
> >
> > 1. IEP-106: Basic Authentication - Apache Ignite - Apache Software
> > Foundation
> > <
> https://cwiki.apache.org/confluence/display/IGNITE/IEP-106%3A+Basic+Authentication
> >
>
>

-- 
best regards,
Pochatkin Mikhail.