As defined in TokenAuth framework, TokenAuthn as a new authentication method is to be added in current Hadoop SASL authentication framework, to allow client to access service with access token. The scope of this is as follows:
- Add a new SASL mechanism for TokenAuthn method, including necessary SASL client and SASL server with corresponding callbacks;
- Add TokenAuthn method in UGI and allow the method to be configured for Hadoop and the ecosystem;
- Allow TokenAuthn method to be negotiated between client and server;
- Define the IDP-initiated flow and SP-initiated flow in the RPC access;
- Allow access token to be negotiated between client and server, considering both IDP-initiated case and SP-initiated case.