mattrpav commented on PR #1480: URL: https://github.com/apache/activemq/pull/1480#issuecomment-3192969317
I like the idea of a standard oauth2 plugin for authn, but it could be tricky without a bunch of provider specific plugins to re-work request and response handler payloads b/c there are subtle differences. Might need that layer to be pluggable/highly configurable. Using scope claims for groups (ie authz) is tricky, because some providers limit the number of available groups provided in the token—- which means users can’t rely on those tokens for group membership and need to make secondary lookups for group/role info to a non-standard API. The flow is simple enough that it would be great if we could use the JDK http client. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@activemq.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: gitbox-unsubscr...@activemq.apache.org For additional commands, e-mail: gitbox-h...@activemq.apache.org For further information, visit: https://activemq.apache.org/contact
