New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added tests to validate JWT Auth compatibility with OAuth2 #4

Merged
merged 1 commit into from Jan 22, 2014

Conversation

Projects
None yet
4 participants
@marccerrato

marccerrato commented Jan 22, 2014

I've added the tests to validate the compatibility problem between JWT Auth and OAuth2, which I commented on the issue #3.

I have also used Tox to make it possible to run the tests with the extra requirement of django-oauth2-provider without altering the base requirements of the package.

@jpadilla

This comment has been minimized.

Show comment
Hide comment
@jpadilla

jpadilla Jan 22, 2014

Member

@marccerrato thank you so much for this! I'll try and take a closer look today and see what I can come up with. Any other recommendations apart from using something other than "Bearer"?

Member

jpadilla commented Jan 22, 2014

@marccerrato thank you so much for this! I'll try and take a closer look today and see what I can come up with. Any other recommendations apart from using something other than "Bearer"?

@marccerrato

This comment has been minimized.

Show comment
Hide comment
@marccerrato

marccerrato Jan 22, 2014

@jpadilla I think the best and easier solution is to use another keyword, like "JWT", since in the draft (http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-15) is not specified which term to use, and maybe "Bearer" should only be used for OAuth.

Another choice, it's to validate the token format to distinguish from the OAuth2 one, but it should require changing the DRF OAuth2Authentication class as well.

marccerrato commented Jan 22, 2014

@jpadilla I think the best and easier solution is to use another keyword, like "JWT", since in the draft (http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-15) is not specified which term to use, and maybe "Bearer" should only be used for OAuth.

Another choice, it's to validate the token format to distinguish from the OAuth2 one, but it should require changing the DRF OAuth2Authentication class as well.

@gcollazo

This comment has been minimized.

Show comment
Hide comment
@gcollazo

gcollazo Jan 22, 2014

Member

I agree with changing the header from "Bearer" to "JWT"

Member

gcollazo commented Jan 22, 2014

I agree with changing the header from "Bearer" to "JWT"

jpadilla added a commit that referenced this pull request Jan 22, 2014

Merge pull request #4 from marccerrato/master
Added tests to validate JWT Auth compatibility with OAuth2

@jpadilla jpadilla merged commit e1e6aa3 into GetBlimp:master Jan 22, 2014

1 check passed

default The Travis CI build passed
Details
@bharathibh

This comment has been minimized.

Show comment
Hide comment
@bharathibh

bharathibh commented Jul 16, 2015

@marccerrato nice dude

@BrnoPCmaniak BrnoPCmaniak referenced this pull request Sep 15, 2017

Merged

Add JWT token auth #3109

@jpadilla jpadilla referenced this pull request Sep 26, 2017

Merged

Add coverage reporting via codecov #382

0 of 1 task complete
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment