potiuk commented on PR #321: URL: https://github.com/apache/incubator-ponymail-foal/pull/321#issuecomment-4896064680
> The tooling team is considering contributing the PAT and JWT bearer token code to `infratructure-asfquart`. I could see that as a helper function for token exchange on services. That way this type of useful api support can be commonly used. If it were contributed here then we have several risks. Understood - but also after discussion with @sebbASF inin https://github.com/apache/comdev/pull/23#issuecomment-4895033171 I realized that indeed - without the long term Oauth refresh token (which currenty Oauth provider does not have) - it would be impossible to refresh permissions of the user in case it changed during the long-term token time of live. The current solution properly works just in case the tokens are invalidated via API - and relying in Infa to make the call would be far too brittle. I also reviewed in detail the ASF Quart implementation and see that it uses directly LDAP access for authentication for that very reason. So .. While interesting idea, I am closing that one. Without "easy" way of implementing refreshing permissions, there are indeed some risks involved, that we should not neglect - and since it is only "convenience" for anyone who uses PonyMail (the current cookie-based access is good enough), it's not worth to have it. But it was great learning for me to understand how PonyMail and ASF Quart work internally - digging through the code and learning how things work might give you a contributor in the future, if I find other things worthy contributuion in either of them. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
