Currently core.auth module contains bunch of implementations which should go to core.auth.core. I am sure that handling of apitoken is essential, yet it should be a separate module and separate credential type.
Also present state of auth handling breaks primary principle from times it was first designed where there was:
Credential Extractor (a context specific type which is responsible for sourcing auth information)
Authentication Provider (realization of authentication logic)
Authentication Manager (entry point to perform authentication)
At present handling of JWT is done in authentication filter down in rest.auth. Given that JWT is rather standardized kind of credentials we are able to create valid extractor as well as implement relevant authentication provider who will handle this kind of credentials.
Main point of this is to support federated login operations when user identity is managed externally from OH (ie. in NAS system prefered by user).
Currently
core.auth
module contains bunch of implementations which should go tocore.auth.core
. I am sure that handling ofapitoken
is essential, yet it should be a separate module and separate credential type.Also present state of auth handling breaks primary principle from times it was first designed where there was:
At present handling of JWT is done in authentication filter down in
rest.auth
. Given that JWT is rather standardized kind of credentials we are able to create valid extractor as well as implement relevant authentication provider who will handle this kind of credentials. Main point of this is to support federated login operations when user identity is managed externally from OH (ie. in NAS system prefered by user).