Skip to content

Feat[MQB]: apply plugin into authentication #773

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 9 commits into
base: integration/authn-authz
Choose a base branch
from
Draft

Feat[MQB]: apply plugin into authentication #773

wants to merge 9 commits into from

Conversation

emelialei88
Copy link
Collaborator

@emelialei88 emelialei88 commented Jun 10, 2025
edited
Loading

This PR apply plugin into authentication and reauthentication when we as a broker receives authentication requests from clients.

  • Added component rawclient to support integration test test_authn.py.
  • Used plugin to authenticate and reauthenticate.
    • Authenticator is managed by TransportManager and referred to by InitialConnectionHandler, since the lifetime of an Authenticator is longer than InitialConnectionHandler.
    • When sending response, we use the same encoding type as the one used by the client AuthenticationRequest.
    • Authentication with plugin is performed in a separate thread, and the channel is closed when there's a failure.
    • When AuthenticationContext is created during initial connection, create a reauthenticateCb to be called when a client session later receives an AuthenticationEvent.
    • Use AuthenticationContext::State to indicate the state of authentication. This is used as a synchronization primitive to make sure only one authentication is run for a given context.
  • Basic default authentication credential logic:
    • Use hardcoded credential and basicpass plugin as default way to authenticate if the negotiation message comes first.

@emelialei88 emelialei88 requested a review from a team as a code owner June 10, 2025 18:45
@emelialei88 emelialei88 marked this pull request as draft June 10, 2025 18:45
@emelialei88 emelialei88 force-pushed the integration/authn-authz branch 2 times, most recently from d8e0447 to 0f8a365 Compare June 18, 2025 15:21
@emelialei88 emelialei88 force-pushed the authn/use-plugin branch 4 times, most recently from 057a7c2 to ec64999 Compare June 20, 2025 19:16
@emelialei88 emelialei88 force-pushed the integration/authn-authz branch 2 times, most recently from d74e1fe to 2d81dff Compare June 20, 2025 19:32
@emelialei88 emelialei88 force-pushed the authn/use-plugin branch 3 times, most recently from 85e7ca0 to 6441933 Compare June 23, 2025 15:58
@emelialei88 emelialei88 force-pushed the integration/authn-authz branch 3 times, most recently from a6885dd to c2820a5 Compare June 25, 2025 16:23
@emelialei88
small fix on authn plug
cf4b7db 
Signed-off-by: Emelia Lei <[email protected]>
@emelialei88
added int test for authn
58a056e 
Signed-off-by: Emelia Lei <[email protected]>
@emelialei88
use plugin to authenticate
175e5e1 
Signed-off-by: Emelia Lei <[email protected]>
@emelialei88
added reauthentication
dae302b 
Signed-off-by: Emelia Lei <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@emelialei88