[
https://issues.apache.org/jira/browse/QPIDJMS-373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16425951#comment-16425951
]
Michael Bolz commented on QPIDJMS-373:
--------------------------------------
Hi [~gemmellr],
So at least for the “NettyWsTransport … authorization header” we are on the
same page.
For OAuth in combination with WS I agree that adding a new transport class
(e.g. {{WebSocketOAuthTransport}}) instead of extending the
{{NettyWsTransport.NettyWebSocketTransportHandler}} is the better approach.
I can also agree that a new transport class for OAuth does not fit perfectly
(regarding that OAuth is no real transport).
But currently I’am not sure how the for the OAuth flow required request can be
processed outside the client.
Because the OAuth token request must be done before each connection request to
get a valid authorisation token.
So for the first request this could be done outside and passed via the (new)
“authorisation header” feature.
But in case of a reconnect or failover I have not yet seen a way to do again
the token request from outside and renew the “authorization header” (one
thought was with some sort of a callback but IMHO this does not fit into the
existing client architecture).
As result I thought adding the OAuth handling within the client would be a good
idea (and also solves the mentioned issues).
But if I understand you and the {{org.apache.qpid.jms.util.FactoryFinder}}
concept correctly it should be possible to create an own project which have
Qpid JMS as dependency and provide an own {{TransportFactory}} implementation
(registered loaded via the
{{META-INF.services.org.apache.qpid.jms.transports}}).
Hence I will investigate into this but I’am always open for feedback and again
“Thanks a lot” for your comments which helped me a lot to understand the client
better.
Kind Regards, Michael
> Support for OAuth flow and setting of "Authorization" Header for WS upgrade
> request
> -----------------------------------------------------------------------------------
>
> Key: QPIDJMS-373
> URL: https://issues.apache.org/jira/browse/QPIDJMS-373
> Project: Qpid JMS
> Issue Type: New Feature
> Components: qpid-jms-client
> Reporter: Michael Bolz
> Priority: Major
>
> Add support for OAuth flow ("client_credentials" and "password") and setting
> of "Authorization" Header during WebSocket connection handshake.
> Used "Authorization" Header or OAuth settings should/could be set via the
> "transport" parameters (TransportOptions).
>
> As PoC I created a [Fork|https://github.com/mibo/qpid-jms/tree/ws_add_header]
> and have done one commit for the [add of the Authorization
> Header|https://github.com/mibo/qpid-jms/commit/711052f0891556db0da6e7d68908b2f9dafadede]
> and one commit for the [OAuth
> flow|https://github.com/mibo/qpid-jms/commit/de70f0d3e4441358a239b3e776455201c133895d].
>
> Hope this feature is not only interesting for me.
> If yes, I will add the currently missing tests to my contribution and do a
> pull request.
>
> Regards, Michael
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
