OAuth 2.0 authentication

I want to prepare PR with implement OAuth authentication for search guard plugin. Is is possible include oauth authentication as free part of search guard? Or because oauth looks like(and can include) JWT tokens that include in commercial part include oauth to free part not available?

Depends.

Can you briefly outline how your oauth implementation for searchguard would look like and which additional features it would add to the existing (commercial) JWT auth backend?

···

Am 27.07.2016 um 12:17 schrieb Vladimir Gordiychuk <folyga@gmail.com>:

I want to prepare PR with implement OAuth authentication for search guard plugin. Is is possible include oauth authentication as free part of search guard? Or because oauth looks like(and can include) JWT tokens that include in commercial part include oauth to free part not available?

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/5663d32f-7bbd-4329-8ccf-d5a63dec2f3d%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.

Exists JWT implementation oauth will not affect.
Changes in backend:
One elasticsearch node will add new HTTPAuthenticator and AuthenticationBackend. HTTPAuthenticator will use for extract token from header. AuthenticationBackend will work as resource server in term RFC-6749, for validate token will exists few implementation. One of implementation will thread with authentication for validate token in term introspection endpoint that describe in RFC-7662. Specification allow include additional information in response, and we can for example get from authentication server client roles.
Changes in client:
TransportClient will know via settings client id, client secret, authentication server URL, before send request to elasticsearch, client will request token from authentication server, and then include token to request header. Client also will now then token will expired, and refresh it when the time is suitable.

I think for TransportClient will be need only client id, client secret, but REST clients can work via redirect on authentication server as it describe in specification.

···

Depends.

Can you briefly outline how your oauth implementation for searchguard would look like and which additional features it would add to the existing (commercial) JWT auth backend?

Am 27.07.2016 um 12:17 schrieb Vladimir Gordiychuk fol...@gmail.com:

I want to prepare PR with implement OAuth authentication for search guard plugin. Is is possible include oauth authentication as free part of search guard? Or because oauth looks like(and can include) JWT tokens that include in commercial part include oauth to free part not available?


You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/5663d32f-7bbd-4329-8ccf-d5a63dec2f3d%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.