[
https://issues.apache.org/jira/browse/SOLR-16897?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17746492#comment-17746492
]
Lamine commented on SOLR-16897:
-------------------------------
Hi [~epugh] ,
That's an interesting question.
If you're asking about the back-end part, the answer is yes. The same code
would benefit both a browser and a CLI client.
As for the front-end part, things are little bit more complex. OAuth/OIDC
operates through a browser, so the CLI would need to create and start a
temporary web server, open the default browser, let the user authenticate,
intercept the delivered code, terminate the server, initiate an HTTP request to
the authorization server, retrieve the tokens and use them to communicate with
jwt-auth plugin.
Moreover, you would need a mechanism to preserve the tokens across multiple
calls, given that the CLI is stateless.
> add support of OAuth 2.0/OIDC 'code with PKCE' flow (back-end)
> --------------------------------------------------------------
>
> Key: SOLR-16897
> URL: https://issues.apache.org/jira/browse/SOLR-16897
> Project: Solr
> Issue Type: Improvement
> Reporter: Lamine
> Priority: Minor
>
> This is the "back-end" part of '[code with
> PKCE|https://issues.apache.org/jira/browse/SOLR-16896]' contribution.
> The back-end code is mainly for configuration. This is where the different
> options are configured.
> This PR adds _tokenEndpoint_ and _authorizationFlow_ options.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
