afs commented on issue #1292: URL: https://github.com/apache/jena/issues/1292#issuecomment-1127826896
As it stands currently, the PR will not crash (NPE) in the Jena client-side code for SPARQL operations when encountering bearer auth. Challenges for basic and digest are handled internally with registered user-password (no change there). Bearer auth is different because the app needs to get the token and tokens may have a limited lifetime.

This PR is the necessary part: https://github.com/apache/jena/issues/1292#issuecomment-1126020705

> Adding challenge handling for bearer auth is probably doable but it's yet another step. Rather than delay everything PR https://github.com/apache/jena/pull/1301 at least fixes the original problems and should work when the bearer token is added - failure is a 401 exception.

The first one is a 400 due to the lack of `?query=`. Presumably authentication should have been done before request parsing and so did happen.

The second is 401 and the calling code should either have added the token (@Aklakan current solution) or caught the 401 and retried. No Jena there that I can see.

The best Jena client-library can do is have a registry of callbacks so 401 causes a call out to app code to provide the token (see the current `AuthRequestModifier` which can add HTTP headers based on target URI @Aklakan has been using). Something to do carefully to avoid security leaks in multi-tenant situations.
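The callback-registry idea in the comment above, as an added sketch that is not part of the original comment and is not Jena code: it uses only the JDK's `java.net.http` client, and `BearerRetryExample`, `register`, `send`, the sample token and the local test endpoint are all hypothetical. It assumes callbacks are keyed on the exact origin, so a token is only ever sent to the origin it was registered for, which covers one of the leak paths the comment warns about.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.*;
import java.util.*;
import java.util.function.Supplier;

/** Hypothetical registry of app-supplied bearer-token callbacks; not a Jena API. */
public class BearerRetryExample {
    private final Map<String, Supplier<String>> providers = new HashMap<>();
    private final HttpClient client = HttpClient.newHttpClient();

    // Key on the exact origin; a missing port (-1) is deliberately not treated as the default port.
    static String origin(URI u) {
        return u.getScheme() + "://" + u.getHost().toLowerCase(Locale.ROOT) + ":" + u.getPort();
    }

    void register(URI endpoint, Supplier<String> cb) { providers.put(origin(endpoint), cb); }

    /** Send once; on a 401 Bearer challenge, call the origin's callback and retry once. */
    HttpResponse<String> send(URI target) throws Exception {
        var body = HttpResponse.BodyHandlers.ofString();
        HttpResponse<String> r = client.send(HttpRequest.newBuilder(target).build(), body);
        String challenge = r.headers().firstValue("WWW-Authenticate").orElse("");
        Supplier<String> cb = providers.get(origin(target)); // exact match, no prefix or suffix
        if (r.statusCode() != 401 || cb == null || !challenge.regionMatches(true, 0, "Bearer", 0, 6))
            return r; // no callback for this origin: the token is never attached
        return client.send(HttpRequest.newBuilder(target)
                .header("Authorization", "Bearer " + cb.get()).build(), body);
    }

    public static void main(String[] args) throws Exception {
        // Constructed local endpoint: answers 401 with a Bearer challenge unless the sample token is sent.
        HttpServer srv = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        srv.createContext("/sparql", ex -> {
            boolean ok = "Bearer sample-token".equals(ex.getRequestHeaders().getFirst("Authorization"));
            if (!ok) ex.getResponseHeaders().add("WWW-Authenticate", "Bearer");
            ex.sendResponseHeaders(ok ? 200 : 401, -1);
            ex.close();
        });
        srv.start();
        String path = ":" + srv.getAddress().getPort() + "/sparql?query=ASK%7B%7D";
        BearerRetryExample c = new BearerRetryExample();
        c.register(URI.create("http://127.0.0.1" + path), () -> "sample-token");
        System.out.println("registered: " + c.send(URI.create("http://127.0.0.1" + path)).statusCode());
        // Same server under another host name is a different origin, so no token is sent.
        System.out.println("unregistered: " + c.send(URI.create("http://localhost" + path)).statusCode());
        srv.stop(0);
    }
}
```

Because the callback is invoked on each 401, the application can return a freshly obtained token when the previous one has expired; a shared registry still needs per-tenant separation above this layer.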
