[GitHub] [knox] smolnar82 commented on a change in pull request #424: KNOX-2556 - Enhance JWTProvider to accept knox.id as Passcode Token

Thu, 25 Mar 2021 08:51:40 -0700 


smolnar82 commented on a change in pull request #424:
URL: https://github.com/apache/knox/pull/424#discussion_r601610685



##########
File path: 
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AbstractJWTFilter.java
##########
@@ -187,6 +186,22 @@ protected boolean tokenIsStillValid(JWT jwtToken) throws 
UnknownTokenException {
     return expires == null || new Date().before(expires);
   }
 
+  protected boolean tokenIsStillValid(final String tokenId) throws 
UnknownTokenException {
+    Date expires = getExpiration(tokenId);
+    return expires == null || (new Date().before(expires));
+  }
+
+  private Date getExpiration(final String tokenId) throws 
UnknownTokenException {

Review comment:
       We may indicate - in the method name - that expiration is checked in 
token state service.

##########
File path: 
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
##########
@@ -38,14 +39,19 @@
 
 public class JWTFederationFilter extends AbstractJWTFilter {
 
+  public enum TokenType {
+    JWT, Passcode;
+  }
+
   public static final String KNOX_TOKEN_AUDIENCES = "knox.token.audiences";
   public static final String TOKEN_VERIFICATION_PEM = 
"knox.token.verification.pem";
   public static final String KNOX_TOKEN_QUERY_PARAM_NAME = 
"knox.token.query.param.name";
   public static final String TOKEN_PRINCIPAL_CLAIM = 
"knox.token.principal.claim";
   public static final String JWKS_URL = "knox.token.jwks.url";
-  private static final String BEARER = "Bearer ";
-  private static final String BASIC = "Basic";
-  private static final String TOKEN = "Token";
+  public static final String BEARER   = "Bearer ";
+  public static final String BASIC    = "Basic";
+  public static final String TOKEN    = "Token";
+  public static final String PASSCODE = "TokenPasscode";

Review comment:
       I think it is redundant to have both; 'TokenPasscode' is handled at the 
same location as 'Token' and one should be enough. Since 'Token' is shorter I'd 
vote for that one.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to