Skip to content

Unified Auth #38

Description

@ric-evans

It would be nice to have some way of generating auth strings (tokens) for clients, which is agnostic of the specific backend. However, this (more than likely) may not be possible as the backend may dictate the token standard. See "Open Questions" below.

First, implement out-of-the-box auth for the rest of the implementations: https://github.com/WIPACrepo/MQClient-GCP, https://github.com/WIPACrepo/MQClient-NATS, and https://github.com/WIPACrepo/MQClient-RabbitMQ

Open Questions

  • Is there an already-unified token standard? Probably not.
  • Is it fine for the spawner process to be cognizant of its child's chosen backend?
  • Is there a way to factorize the creation of a token depending on the backend, pre-spawn? Then pass it to the child process.
  • A temptation here is to use token-indirection, via an authorized system that a client calls into (input: backend type) to receive a token specified for its backend to communicate with the queue (output: token string)--is this overkill?

Note to Self

  • Search slack for "there's been some work on integrating auth for the various mq implementations"

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Fields

    No fields configured for Feature.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions