At the moment, custom authentication is implemented by implementing a Jobson interface, creating a jar, and getting Jobson to load the class at runtime. This method is "straightforward" (downstream devs just add it to the classpath) but it creates a hard dependency between the custom auth code and Jobson - in order to compile the auth code, you need to link to Jobson (via a Maven dep, for example).
This interdependency can be annoying to maintain. An ideal implementation would be to get Jobson to boot an auth application separately and communicate with it using a standardized down-the-wire protocol. The idea would be for Jobson to boot a subprocess, send auth requests to the subprocess via its STDIN (doing it via args is a security risk), and then read responses from the subprocess's STDOUT.
Implementing it this way turns it from a code dependency into a down-the-wire specification of auth. Implementers can then write a standard Jobson-independent application for authentication in any language they want, provided the request+response matches the protocol.
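The subprocess design described above, as an added example that is not Jobson code. It assumes a hypothetical wire protocol of one JSON object per line in each direction; `SubprocessAuthenticator`, `write_helper`, the `authenticated` field and the demo credential are illustrative names and values, not part of any Jobson specification.

```python
import json
import subprocess
import sys
import tempfile

# Constructed stand-in for the external auth application. Any language works if
# it reads one JSON request per line on STDIN and answers one line on STDOUT.
HELPER_SOURCE = '''
import hmac, json, sys
USERS = {"alice": "correct horse"}  # constructed demo credential
for line in sys.stdin:
    try:
        req = json.loads(line)
        want = USERS.get(req["username"], "")
        ok = bool(want) and hmac.compare_digest(want.encode(), req["password"].encode())
    except (ValueError, KeyError, TypeError, AttributeError):
        ok = False  # malformed request: deny
    print(json.dumps({"authenticated": ok}), flush=True)
'''

def write_helper():
    """Write the demo helper to a temp file and return the argv that runs it."""
    with tempfile.NamedTemporaryFile("w", suffix=".py", delete=False) as f:
        f.write(HELPER_SOURCE)
    return [sys.executable, f.name]

class SubprocessAuthenticator:
    """Hypothetical caller side: one long-lived helper, one JSON line per request."""

    def __init__(self, argv):
        # argv names only the program; request credentials never appear in it,
        # so they cannot leak through process listings such as `ps`.
        self.proc = subprocess.Popen(argv, stdin=subprocess.PIPE,
                                     stdout=subprocess.PIPE, text=True)

    def authenticate(self, username, password):
        try:
            # json.dumps escapes newlines, so a password cannot inject a second request line.
            request = json.dumps({"username": username, "password": password})
            self.proc.stdin.write(request + "\n")
            self.proc.stdin.flush()
            reply = json.loads(self.proc.stdout.readline())
            return reply.get("authenticated") is True
        except (OSError, ValueError, AttributeError):
            return False  # dead helper or malformed reply: fail closed

    def close(self):
        self.proc.stdin.close()
        self.proc.wait(timeout=5)
```

A production caller would also put a timeout on the read so that a hung helper denies the request instead of blocking it.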