Rodric,

IBM Cloud Functions hasn’t implemented OAuth, but JWT-based bearer token 
authentication based on the IBM Cloud IAM system. 

The first problem we encountered was that our bearer token did not provide a 
namespace-related context (which is only configured in the IAM system). The 
only obvious namespace-related information is contained in the URI (but 
unfortunately not always when looking at the _ default).

The next problem was the need to construct the Identity object (of which the 
namespace information is a key component) fully in the authorization code to 
not break the API handling (which brings us back to the missing namespace 
information).

We overcame the problems by asking the user to provide missing namespace 
information via additional headers and by retrieving additional 
authorization-related data from proprietary data stores.

There were more problems in the realm of providing meaningful error messages. 
Nevertheless, our implementation proves that OW is already able to handle 
JWT-based bearer tokens and provide them to be used in outbound calls.

Regards,
Martin

> On 21.06.2019 at 13:23, Rodric Rabbah <rod...@gmail.com> wrote:
> 
> I'm curious if anyone has thought about or implemented an oauth based
> authentication mechanism in the controller. I've thought about replacing
> the subject authentication with oauth and think it would not be a lot of
> work to do although it does have some wider implications.
> 
> -r
