[jira] [Updated] (HBASE-26668) Define user experience for JWT renewal

Wed, 31 Aug 2022 01:28:26 -0700 


     [ 
https://issues.apache.org/jira/browse/HBASE-26668?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andor Molnar updated HBASE-26668:
---------------------------------
    Description: 
We need to define what our level of support will be for an HBase application 
which must run longer than the lifetime of a JWT token.

The JWT 2.0 RFCs mention different kinds of tokens, notably a Refresh token may 
be helpful [https://datatracker.ietf.org/doc/html/rfc8693]

This is inter-twined with HBASE-26667. For example, if we maintained a Refresh 
token in the client, we would have to build in logic (like we have for Kerberos 
credentials) to automatically launch a thread and know where to obtain a new 
JWT token from.

*Idea*

Once the JwtTokenProvider interface and file-based provider is ready, implement 
token renewal logic.

Port FileWatcher class from the ZooKeeper project and watch for file changes.

  was:
We need to define what our level of support will be for an HBase application 
which must run longer than the lifetime of a JWT token.

The JWT 2.0 RFCs mention different kinds of tokens, notably a Refresh token may 
be helpful [https://datatracker.ietf.org/doc/html/rfc8693]

This is inter-twined with HBASE-26667. For example, if we maintained a Refresh 
token in the client, we would have to build in logic (like we have for Kerberos 
credentials) to automatically launch a thread and know where to obtain a new 
JWT token from.


> Define user experience for JWT renewal
> --------------------------------------
>
>                 Key: HBASE-26668
>                 URL: https://issues.apache.org/jira/browse/HBASE-26668
>             Project: HBase
>          Issue Type: Sub-task
>            Reporter: Josh Elser
>            Priority: Major
>             Fix For: HBASE-26553
>
>
> We need to define what our level of support will be for an HBase application 
> which must run longer than the lifetime of a JWT token.
> The JWT 2.0 RFCs mention different kinds of tokens, notably a Refresh token 
> may be helpful [https://datatracker.ietf.org/doc/html/rfc8693]
> This is inter-twined with HBASE-26667. For example, if we maintained a 
> Refresh token in the client, we would have to build in logic (like we have 
> for Kerberos credentials) to automatically launch a thread and know where to 
> obtain a new JWT token from.
> *Idea*
> Once the JwtTokenProvider interface and file-based provider is ready, 
> implement token renewal logic.
> Port FileWatcher class from the ZooKeeper project and watch for file changes.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to