I've been thinking about OAuth2 related use cases for a while now, and I know we talked about bearer tokens on a few recent threads.
I've taken a first pass at supporting a new type of AuthenticationToken (BearerToken) https://github.com/apache/shiro/pull/129 This basically just reuses the guts from BasicHttpAuthenticationFilter. I'm not sure if i'm thinking too fine grain or not with the actual BearerToken object (an authentication token for an API key or similar, would also be the same, so maybe the actual token should be more generic?) Anyone have any thoughts or similar use-cases related to authentication tokens? -Brian
