You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
My organization is using OAuth to authenticate users. I was under the impression that we could use the existing LOGIN_PERMISSIONS_[login] environment variable to handle this, however, diving into the code further shows that these permissions only function with password-based authentication.
Describe the solution you'd like
We would like to be able to set permissions per-user, based on the login value retrieved during the authentication process.
My vision is, when a user logs-in, and their username is determined, we can use their corresponding LOGIN_PERMISSIONS_[login] entry to determine their dbgate-level permissions. If there's no corresponding entry for the user, then they are given the default PERMISSIONS as a 'catch-all'. I'd envision setting the default value for this as PERMISSIONS=~*, at least in my use-case.
Describe alternatives you've considered
I am considering using password-based authentication, while gating access to dbgate entirely behind OAuth, so you have to login twice in order to use the system ultimately. While this would work, I'd much prefer being able to offer only one login screen.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
My organization is using OAuth to authenticate users. I was under the impression that we could use the existing
LOGIN_PERMISSIONS_[login]environment variable to handle this, however, diving into the code further shows that these permissions only function with password-based authentication.Describe the solution you'd like
We would like to be able to set permissions per-user, based on the login value retrieved during the authentication process.
My vision is, when a user logs-in, and their username is determined, we can use their corresponding
LOGIN_PERMISSIONS_[login]entry to determine their dbgate-level permissions. If there's no corresponding entry for the user, then they are given the defaultPERMISSIONSas a 'catch-all'. I'd envision setting the default value for this asPERMISSIONS=~*, at least in my use-case.Describe alternatives you've considered
I am considering using password-based authentication, while gating access to dbgate entirely behind OAuth, so you have to login twice in order to use the system ultimately. While this would work, I'd much prefer being able to offer only one login screen.
The text was updated successfully, but these errors were encountered: