databend icon indicating copy to clipboard operation
databend copied to clipboard
verified publisher icon datafuselabs

Support auth plugin

Open bohutang opened this issue 4 years ago • 9 comments

Summary

  • [x] #3480
  • [x] #3482

bohutang avatar Dec 15 '21 09:12 bohutang

/assignme

flaneur2020 avatar Dec 15 '21 09:12 flaneur2020

jwt might be a promising authentication option, like: https://trino.io/docs/current/security/jwt.html

flaneur2020 avatar Dec 15 '21 09:12 flaneur2020

@BohuTANG

after discussing with @flaneur2020, I think we may change password_type back to auth_type. and use the same field to hold enum { JTW, Sha256Password, DoubleSha1Password, ...}, which directly corresponds to the "With" part in SQL.

otherwise, we need another field to hold enum {JWT, Password, }, which is a waste and has no benefit.

and it is a little more convenient to use one field/var to dispatch auth logic and to be passed a argument

youngsofun avatar Jan 10 '22 14:01 youngsofun

better way for rust is to use enum?

enum { Password(type PasswordType,password vec) Ldap(config string) }

youngsofun avatar Jan 10 '22 22:01 youngsofun

Ok, enum looks make sense.

bohutang avatar Jan 10 '22 22:01 bohutang

ok, I will do it

youngsofun avatar Jan 11 '22 00:01 youngsofun

@youngsofun can take this issue assigned to yourself by /assignme :)

flaneur2020 avatar Jan 12 '22 06:01 flaneur2020

/assignme

youngsofun avatar Jan 12 '22 06:01 youngsofun

plan with 3 pr:

  • [ ] refactor auth with enum (user table, create/alter users parser and tests)
  • [ ] continue to refactor auth framework and support simple JWT and HTTP basic(use existing password)
  • [ ] store password as hashed value as it should be
  • [ ] create root user

youngsofun avatar Jan 12 '22 06:01 youngsofun

All work has been done. Let's close.

Xuanwo avatar Sep 16 '22 06:09 Xuanwo