lakeFS icon indicating copy to clipboard operation
lakeFS copied to clipboard
verified publisher icon treeverse

Feature Request: Add JWT Session Token Authentication to lakectl

Open nopcoder opened this issue 8 months ago • 7 comments

Add support for lakectl to use JWT session tokens as an authentication method, providing an alternative to the current username/password authentication.

Problem

Currently, lakectl only supports username/password authentication, which:

  • Doesn't support temporary access scenarios
  • Can't integrate with external identity providers that issue JWTs

Requirements

  • Add new configuration option as part of lakectl credentials to pass valid JWT - Example: LAKECTL_CREDENTIALS_SESSION_TOKEN
  • Update authentication logic to prioritize token auth when provided

Benefits

  • Better integration with temporary access patterns
  • Alignment with python client support with session token

nopcoder avatar Mar 17 '25 15:03 nopcoder

@nopcoder Hello! I’m a new contributor interested in working on this issue. Could you assign it to me?

VH992098059 avatar Mar 31 '25 14:03 VH992098059

Hi @VH992098059, I can assign you this task. Just a heads-up, it's a priority and we'll need it relatively soon. Do you think you'd be able to complete it within a short timeframe? If not, we have other 'good first issues' available.

nopcoder avatar Mar 31 '25 19:03 nopcoder

@nopcoder Hi!How long is the deadline, if you are in a hurry, you can consider changing it, such as #8610, which is acceptable

VH992098059 avatar Apr 01 '25 00:04 VH992098059

@nopcoder Hi!How long is the deadline, if you are in a hurry, you can consider changing it, such as #8610, which is acceptable

The deadline depends on the load on the team, so I didn't have the exact time, there are other tasks that depend on it that may push it up the stack. For 8610, there is no dependency and I think it may be a better option - want to start there?

nopcoder avatar Apr 01 '25 04:04 nopcoder

@nopcoder There may not be much time to change this week, for fear of delaying the team's progress, so assign me the #8610 issue, thanks!

VH992098059 avatar Apr 01 '25 04:04 VH992098059

@VH992098059 can you ask on the issue (#8610) and I'll assign you? also, if you need help in order to understand the expected behavior, let me know on the issue.

nopcoder avatar Apr 01 '25 06:04 nopcoder

@Isan-Rivkin this is the issue you wanted me to create as part of the IAM implementation (you also referenced it here in the issue https://github.com/treeverse/fluffy/issues/661).

If you don't think you need this level, let me know and I'll close this one.

nopcoder avatar May 16 '25 06:05 nopcoder

@Isan-Rivkin can I close this one?

nopcoder avatar Jul 13 '25 10:07 nopcoder