Yes, good job! But this really big.
Thanks! Yes, it is. I am working on breaking down the initial patch and the resulting patch for this issue would be smaller and exactly match the goals stated here.
At first glance, it dismays me to see TokenAuthn conditionals being riddled through the codebase.
I understand. The patch focused on adding the needed TokenAuthn method and tried to avoid irrelevant changes like UGI related ones. Depending on related improvements for UGI and SASL framework, hopefully the formal patch to be submitted here will resolve your concern.
This requires the security framework to be more modular (a shared goal of ours) that exposes generic methods that are non-authMethod specific.
Yes, exactly. That is my goal too.