qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Bolz (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPIDJMS-373) Support for OAuth flow and setting of "Authorization" Header for WS upgrade request
Date Tue, 03 Apr 2018 19:56:00 GMT

    [ https://issues.apache.org/jira/browse/QPIDJMS-373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16424511#comment-16424511
] 

Michael Bolz commented on QPIDJMS-373:
--------------------------------------

Hi [~gemmellr],

Thanks a lot for clarification.

As explained my first thought was to extend the {{org.apache.qpid.jms.transports.netty.NettyWsTransport.NettyWebSocketTransportHandler}}
because the _OAuth+AuthHeader_ seems to fit there and in my case OAuth would be only used
in combination with WS.
But I agree that the OAuth part could be in an own {{OAuthTransport}} (which requests the
token for the Authorization Header) and the {{NettyWsTransport}} only gets extended with the
option to set the “Authorization Header value”.
As transport key ({{org.apache.qpid.jms.transports.TransportFactory#findTransportFactory}}
I would propose a new scheme “{{amqpws+oauth}}” (which should be compliant to [rfc3986|https://tools.ietf.org/html/rfc3986#section-3.1]).
So it is clear when the new {{OAuthTransport}} will be used.

If this approach sounds reasonable for you I would create another POC with this approach for
further discussion and feedback.


> Support for OAuth flow and setting of "Authorization" Header for WS upgrade request
> -----------------------------------------------------------------------------------
>
>                 Key: QPIDJMS-373
>                 URL: https://issues.apache.org/jira/browse/QPIDJMS-373
>             Project: Qpid JMS
>          Issue Type: New Feature
>          Components: qpid-jms-client
>            Reporter: Michael Bolz
>            Priority: Major
>
> Add support for OAuth flow ("client_credentials" and "password") and setting of "Authorization"
Header during WebSocket connection handshake.
> Used "Authorization" Header or OAuth settings should/could be set via the "transport"
parameters (TransportOptions).
>  
> As PoC I created a [Fork|https://github.com/mibo/qpid-jms/tree/ws_add_header] and have
done one commit for the [add of the Authorization Header|https://github.com/mibo/qpid-jms/commit/711052f0891556db0da6e7d68908b2f9dafadede]
and one commit for the [OAuth flow|https://github.com/mibo/qpid-jms/commit/de70f0d3e4441358a239b3e776455201c133895d].
>  
> Hope this feature is not only interesting for me.
> If yes, I will add the currently missing tests to my contribution and do a pull request.
>  
> Regards, Michael



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message