Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <pgadmin-hackers-owner+archive@lists.postgresql.org>)
	id 1lQnFl-0006An-1U
	for pgadmin-hackers@arkaria.postgresql.org; Mon, 29 Mar 2021 08:28:05 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.92)
	(envelope-from <pgadmin-hackers-owner+archive@lists.postgresql.org>)
	id 1lQnFi-0000Wn-U3
	for pgadmin-hackers@arkaria.postgresql.org; Mon, 29 Mar 2021 08:28:02 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <dpage@pgadmin.org>)
	id 1lQnFi-0000Wg-P0
	for pgadmin-hackers@lists.postgresql.org; Mon, 29 Mar 2021 08:28:02 +0000
Received: from mail-ej1-x62c.google.com ([2a00:1450:4864:20::62c])
	by magus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128)
	(Exim 4.92)
	(envelope-from <dpage@pgadmin.org>)
	id 1lQnFa-0000L8-Fw
	for pgadmin-hackers@postgresql.org; Mon, 29 Mar 2021 08:28:02 +0000
Received: by mail-ej1-x62c.google.com with SMTP id ce10so18104244ejb.6
        for <pgadmin-hackers@postgresql.org>;
 Mon, 29 Mar 2021 01:27:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=pgadmin.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=qoVvA3xBvCzMIqL06u3LaIt2we66MICsJA9KSA6D2IY=;
        b=H25l87WLH0KOjWD+Wa1JvuR5Vj1Yb31RYYcyoycbB4ZIVcffFcJ6GHDDre2fd7HmFB
         qZR4uN/2eAfhTtMjqYsSbef/JJCb5aCqU3z6yaBctqEjGtq1gXRCt8xQFNtYDWeDqaTh
         0EWbPFqhlYjwaaRTWT38tBg15KZFlGdzzyd61n/kJy2pgby/nV5otmkkaggYnxVHElf9
         mB7H4ODDj19VTyQJ0f3wESZLysS/3y1teHMRdlGfFAp1YKj+JsislJ6+XuFHlQEzXERb
         WSzQqq7j6aMq5Nf9LUdgxqP/hd1xbC1CbRbCmGC+NnSN+9xZ1gW3MRCNFCWwyUn/Ivd6
         MmQg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=qoVvA3xBvCzMIqL06u3LaIt2we66MICsJA9KSA6D2IY=;
        b=J7lHUZJtgimYko5FywiM7eEQjU77M0g3/Fu42KuI/im4qu8U2qc3IHh/q+anpXnS2M
         keZ7hSlROP1/x5cts8rtK5e72fZP/kKvKMF38sMT91HxM+5XS/wjA/Ra8697SliQENUo
         C7H4a/95wHSNDp9VfzhtDffb5kFx6R0CNf3b7dxFCPyd9YM/3Iy+mBI0VpoFyV90268M
         0Jul96NJXwUkTrG7sKOamVCh1Rgyt7o42w6J0N/mWD0vR1guSpTArQNbkr1AgmxfN40J
         2accdpB2RC58FBrP4aq/LGPmu8UmefdR96LHwByITajNUZ1/IjgmZQe+YT3/tmZe2I/J
         HhBQ==
X-Gm-Message-State: AOAM530I/mpIoL6PtedrMWrnGpEFrVMa4gDIvD6ANg2ybl4JZX0SbX+I
	LTEKtqbPdaptgIqywHYHEw5rkk+Hvuni3MBMPG1ZrA==
X-Google-Smtp-Source: 
 ABdhPJzOa7Xsaqer4caFYXZua7HJg1YwZC3TWrLosdSqMAmC2AKS/es/VjOOtCw6NgKIW7v3Urq6WkVKxo1OIJaKtJY=
X-Received: by 2002:a17:906:4705:: with SMTP id
 y5mr27953857ejq.119.1617006472532;
 Mon, 29 Mar 2021 01:27:52 -0700 (PDT)
MIME-Version: 1.0
References: <382c1ae1-3ee9-8000-10ed-1a3fce390eac@posteo.de>
In-Reply-To: <382c1ae1-3ee9-8000-10ed-1a3fce390eac@posteo.de>
From: Dave Page <dpage@pgadmin.org>
Date: Mon, 29 Mar 2021 08:27:41 +0000
Message-ID: 
 <CA+OCxoweunYZGJ5kx=c8YCRjuAeOXV48YbBZrJ6BL3n8Mriz=Q@mail.gmail.com>
Subject: Re: OAuth error when logging in
To: Florian Sabonchi <sabonchi@posteo.de>
Cc: pgadmin-hackers <pgadmin-hackers@postgresql.org>,
	Khushboo Vashi <khushboo.vashi@enterprisedb.com>
Content-Type: multipart/alternative; boundary="00000000000065253b05bea8a87e"
List-Id: <pgadmin-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgadmin-hackers@lists.postgresql.org>
List-Owner: <mailto:pgadmin-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgadmin-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/CA%2BOCxoweunYZGJ5kx%3Dc8YCRjuAeOXV48YbBZrJ6BL3n8Mriz%3DQ%40mail.gmail.com>
Precedence: bulk

--00000000000065253b05bea8a87e
Content-Type: text/plain; charset="UTF-8"

Hi

On Mon, Mar 29, 2021 at 9:21 AM Florian Sabonchi <sabonchi@posteo.de> wrote:

> Hello I would like to integrate OAuth in PG-Admin. Unfortunately I have
> the error that I am redirected back to the home page. Unfortunately I
> could not find this error, what surprises me is that
> current_user.is_authenticated is set to True. For this reason I just
> wanted to ask maybe someone knows what the problem is. You can find my
> source code here:
>
>
> https://github.com/FlorianJSa/pgadmin4/blob/OAuth2/web/pgadmin/authenticate/__init__.py
>
>
> I would be very happy if someone could help me with this problem.
> Because I unfortunately have no idea what this could be for an issue
>

Khushboo (CC'd) is most familiar with this code as she wrote the plugin
auth system - hopefully she can help point you in the right direction.

However; we have discussed OAuth briefly in the past and never quite
figured out what to do about saving Postgres passwords. Have you thought
about that? The issue is that we won't have anything secret to use in an
encryption key as pgAdmin won't see the user's password. We have the same
issue with Kerberos, however the solution we came up with there was to
simply disable password saving which is fine because in most environments
the user will use Kerberos to authenticate to Postgres anyway (which
Khushboo is working on right now).

-- 
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EDB: http://www.enterprisedb.com

--00000000000065253b05bea8a87e
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Hi</div><br><div class=3D"gmail_quote"><div dir=3D"lt=
r" class=3D"gmail_attr">On Mon, Mar 29, 2021 at 9:21 AM Florian Sabonchi &l=
t;<a href=3D"mailto:sabonchi@posteo.de">sabonchi@posteo.de</a>&gt; wrote:<b=
r></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex=
;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,20=
4,204);padding-left:1ex">Hello I would like to integrate OAuth in PG-Admin.=
 Unfortunately I have <br>
the error that I am redirected back to the home page. Unfortunately I <br>
could not find this error, what surprises me is that <br>
current_user.is_authenticated is set to True. For this reason I just <br>
wanted to ask maybe someone knows what the problem is. You can find my <br>
source code here:<br>
<br>
<a href=3D"https://github.com/FlorianJSa/pgadmin4/blob/OAuth2/web/pgadmin/a=
uthenticate/__init__.py" rel=3D"noreferrer" target=3D"_blank">https://githu=
b.com/FlorianJSa/pgadmin4/blob/OAuth2/web/pgadmin/authenticate/__init__.py<=
/a><br>
<br>
<br>
I would be very happy if someone could help me with this problem. <br>
Because I unfortunately have no idea what this could be for an issue<br></b=
lockquote><div><br></div><div>Khushboo (CC&#39;d) is most familiar with thi=
s code as she wrote the plugin auth system - hopefully she can help point y=
ou in the right direction.</div><div><br></div><div>However; we have discus=
sed OAuth briefly in the past and never quite figured out what to do about =
saving Postgres passwords. Have you thought about that? The issue is that w=
e won&#39;t have anything secret to use in an encryption key as pgAdmin won=
&#39;t see the user&#39;s password. We have the same issue with Kerberos, h=
owever the solution we came up with there was to simply disable password sa=
ving which is fine because in most environments the user will use Kerberos =
to authenticate to Postgres anyway (which Khushboo is working on right now)=
.</div><div>=C2=A0</div></div>-- <br><div dir=3D"ltr" class=3D"gmail_signat=
ure"><div dir=3D"ltr">Dave Page<br>Blog: <a href=3D"http://pgsnake.blogspot=
.com" target=3D"_blank">http://pgsnake.blogspot.com</a><br>Twitter: @pgsnak=
e<br><br>EDB: <a href=3D"http://www.enterprisedb.com" target=3D"_blank">htt=
p://www.enterprisedb.com</a><br><br></div></div></div>

--00000000000065253b05bea8a87e--