I dug into this and it looks like it’s as easy as setting JWT_AUTH_HEADER_PREFIX to “Bearer”[0]. So +1 from me.

[0] http://getblimp.github.io/django-rest-framework-jwt/#additional-settings

David

On Mon, Oct 30, 2017 at 10:59 AM, Dennis Kliban <[email protected]> wrote:

> On Mon, Oct 30, 2017 at 10:55 AM, Brian Bouterse <[email protected]>
> wrote:
>
>> I think it would be ideal if we used 'Bearer: ' instead of 'JWT: '. If
>> you use our docs, you'll be able to submit your JWT correctly. If you say
>> 'oh I see Pulp uses JWT' and you follow the example in the official (I
>> think?) JWT site [0], you'll submit a JWT to Pulp using those docs and it
>> won't work. This is also a problem in practice; I've heard of two separate
>> occasions where JWT was thought to be broken because it was submitted
>> with 'Bearer: ' while Pulp wants 'JWT: '.
>>
>> The reasoning for the plugin to choose JWT over Bearer has to do with
>> their goals of being able to be used side-by-side with OAuth2 *and* allow
>> your auth types to be in any order. I don't think this affects Pulp
>> because Pulp isn't supporting OAuth2 anytime soon if ever, and even if we
>> do, I don't think that's a good reason to invent a new way to submit a
>> JWT (which they did).
>>
>> I'm +1 to filing a story against Pulp to configure our usage of the
>> plugin to have the JWT be submitted using 'Bearer: ' instead of 'JWT: '.
>> Shall I file this? What do you all think?
>>
>
> +1 to this as well.
>
>> [0]: https://jwt.io/introduction/
>>
>> -Brian
>>
>> On Fri, Oct 27, 2017 at 9:03 AM, David Davis <[email protected]>
>> wrote:
>>
>>> There was some discussion on the PR about this:
>>>
>>> https://github.com/pulp/pulp/pull/3109#discussion_r138202256
>>>
>>> Basically the package we’re using decided on JWT. See their reasoning
>>> here:
>>>
>>> https://github.com/GetBlimp/django-rest-framework-jwt/pull/4
>>>
>>> David
>>>
>>> On Fri, Oct 27, 2017 at 8:26 AM, Kersom Moura Oliveira <
>>> [email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> I noticed that JWT authorization header was adopted as the default one
>>>> for Pulp3. [0]
>>>>
>>>> Also I read in a few places about Bearer authorization header, as the
>>>> typical one used for JWT. [1]
>>>>
>>>> Is there a specific reason to choose one over the other in Pulp3?
>>>>
>>>> Regards,
>>>>
>>>> [0] https://docs.pulpproject.org/en/3.0/nightly/integration_guide/rest_api/authentication.html#using-a-token
>>>> [1] https://jwt.io/introduction/
>>>> [2] https://tools.ietf.org/html/rfc6750
>>>> [3] https://tools.ietf.org/html/rfc7523
>>>>
>>>> _______________________________________________
>>>> Pulp-dev mailing list
>>>> [email protected]
>>>> https://www.redhat.com/mailman/listinfo/pulp-dev
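
Added example, not part of the thread and not code from django-rest-framework-jwt: a sketch of the prefix check the thread is about, showing why a client that sends a different scheme than the server's configured prefix is treated as unauthenticated and never fails with a JWT error. The names extract_token, outcome and MalformedHeader are hypothetical, the prefix argument stands in for JWT_AUTH_HEADER_PREFIX, and the sample headers are constructed.

```python
"""Sketch of how a configured Authorization prefix gates JWT extraction."""


class MalformedHeader(Exception):
    """Prefix matched, but the header is not exactly '<prefix> <token>'."""


def extract_token(header_value, prefix):
    """Return the token, or None when the header uses another scheme.

    `prefix` plays the role of JWT_AUTH_HEADER_PREFIX. The scheme comparison
    is case-insensitive, as RFC 7235 specifies for auth scheme names.
    """
    parts = (header_value or "").split()
    if not parts or parts[0].lower() != prefix.lower():
        # Not our scheme: the request is treated as carrying no credentials,
        # so a prefix mismatch surfaces as a plain "not authenticated".
        return None
    if len(parts) != 2:
        raise MalformedHeader("expected exactly '<prefix> <token>'")
    return parts[1]


def outcome(header_value, prefix):
    """Classify a header value the way a client would experience it."""
    try:
        token = extract_token(header_value, prefix)
    except MalformedHeader:
        return "rejected: malformed"
    return "token accepted for verification" if token else "ignored: unauthenticated"


# Constructed sample header values; the token is a placeholder, not a real JWT.
SAMPLES = [
    "JWT aaa.bbb.ccc",
    "Bearer aaa.bbb.ccc",
    "bearer aaa.bbb.ccc",
    "Bearer: aaa.bbb.ccc",  # colon glued to the scheme, so the scheme differs
    "Bearer",
    "Bearer aaa.bbb.ccc extra",
]

if __name__ == "__main__":
    for prefix in ("JWT", "Bearer"):
        for header in SAMPLES:
            print(f"prefix={prefix!r:9} {header!r:28} -> {outcome(header, prefix)}")
```

Running it prints the outcome of each sample under both prefixes, which makes the silent mismatch cases easy to spot when reviewing client documentation against the server setting.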
