Schema Registry authentication through OAuth2 JWT tokens
You can use OAuth2 JSON Web Token (JWT) in Schema Registry for authentication. Authorization continues to be implemented in Ranger; however, you can obtain the principal from a JWT token.
- A client requests a token from the OAuth2 service.
During Schema Registry startup the application obtains the public keys needed for validating the incoming tokens.
- The client sends the HTTP requests to Schema Registry and these requests contain the bearer token in the HTTP header.
- Schema Registry validates the token.
- Once the token is validated, the principal is extracted from the JWT token. By default,
the principal is stored in the
- The principal is passed to Ranger which performs the authorization.