New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove dependency on Dropwizard Auth #289
base: main
Are you sure you want to change the base?
Conversation
903873c
to
bce9cbf
Compare
3074be9
to
b484926
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just skimmed and looks good, I will take another pass next week.
Have you tested this change against an OAuth2 server? I'm not overly confident in the mock tests.
import static java.nio.charset.StandardCharsets.ISO_8859_1; | ||
import static java.util.Objects.requireNonNull; | ||
|
||
public record BasicCredentials(String username, String password) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it make sense to use io.trino.server.security.BasicAuthCredentials
here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tried that before. There were few problems:
Some Trino authentication logic are mixed into BasicAuthCredentials. The username must not be empty, otherwise it will throw (BasicAuthCredentials.java#L61-L63). That's not required by RFC 2617/7617.
It mixed AuthenticationException and Optional.Empty() to indicate different parsing errors, in order to satisfy different use cases in Trino. That's not needed by gateway and makes the caller's logic become complicated.
It doesn't have unit test coverage in Trino. I don't feel safe to extract and reuse that particular class.
2793b86
to
9416953
Compare
I didn't. Overall I don't feel we have enough tests to cover the auth part. That's why I'm holding this PR as a draft. |
c8e97ca
to
d288fe2
Compare
d288fe2
to
3856e53
Compare
Test on |
I'm not that familiar with it unfortunately, but looks like the Trino OAuth2 tests use Hydra |
Lets chat about all this in the sync tomorrow. I think we should add them all in. |
Description
Relates to #41
Release notes
(x) This is not user-visible or is docs only, and no release notes are required.