wwaldner

Reputation: 73

Allow OAuth2 login to delegate to Kerberos protected resources

I would like to build a Web API in Python that uses OAuth2 and will eventually use Kerberos protected resources in the backend. Specifically, I would like to have a Web API that uses OAuth2 to authenticate the user and then switch them to a Kerberos context for the duration of the request. (I am not too familiar with Kerberos, which may be apparent.) Many users with different credentials will be using the same API. It should be noted this will be done in a Linux environment with some implementation of Kerberos. I want to use OAuth2 for authorization because it will be easier for developers to use the API.

How can I delegate or impersonate a Kerberos user that was authenticated using OAuth2? I am aware I can make any necessary information available to the Web API in the OAuth2 authentication token (JWT). Furthermore, I could have the OAuth2 server have a token introspection method that would allow me to obtain any info needed to make the impersonation.

Upvotes: 2

Views: 1261

Answers (0)
