public inbox for [email protected]  
From: Khushboo Vashi <[email protected]>
To: Dave Page <[email protected]>
Cc: Florian Sabonchi <[email protected]>
Cc: pgadmin-hackers <[email protected]>
Subject: Re: OAuth error when logging in
Date: Mon, 29 Mar 2021 15:16:27 +0530
Message-ID: <CAFOhELcuRA9xAucPCCTfsESK-cBk5cr74TAi=e8Uf02RH2kT5A@mail.gmail.com> (raw)
In-Reply-To: <CA+OCxoweunYZGJ5kx=c8YCRjuAeOXV48YbBZrJ6BL3n8Mriz=Q@mail.gmail.com>
References: <[email protected]>
	<CA+OCxoweunYZGJ5kx=c8YCRjuAeOXV48YbBZrJ6BL3n8Mriz=Q@mail.gmail.com>

Hi Florian,

As Dave mentioned, we use the user's password as an encryption key for
saving Postgres passwords, and we do so by maintaining KeyManager. As for
the OAuth implementation, you do not have a password, so you need to bypass
this step (and that is the reason you are being redirected to the login page
because of no secret key). Check the code at line no. 713 in
https://github.com/FlorianJSa/pgadmin4/blob/OAuth2/web/pgadmin/__init__.py
which is causing logout for you.

Thanks,
Khushboo

On Mon, Mar 29, 2021 at 1:57 PM Dave Page <[email protected]> wrote:

> Hi
>
> On Mon, Mar 29, 2021 at 9:21 AM Florian Sabonchi <[email protected]>
> wrote:
>
>> Hello, I would like to integrate OAuth in PG-Admin. Unfortunately I have
>> the error that I am redirected back to the home page. Unfortunately I
>> could not find this error; what surprises me is that
>> current_user.is_authenticated is set to True. For this reason I just
>> wanted to ask whether someone knows what the problem is. You can find my
>> source code here:
>>
>>
>> https://github.com/FlorianJSa/pgadmin4/blob/OAuth2/web/pgadmin/authenticate/__init__.py
>>
>>
>> I would be very happy if someone could help me with this problem,
>> because I unfortunately have no idea what kind of issue this could be.
>>
>
> Khushboo (CC'd) is most familiar with this code as she wrote the plugin
> auth system - hopefully she can help point you in the right direction.
>
> However, we have discussed OAuth briefly in the past and never quite
> figured out what to do about saving Postgres passwords. Have you thought
> about that? The issue is that we won't have anything secret to use in an
> encryption key as pgAdmin won't see the user's password. We have the same
> issue with Kerberos; however, the solution we came up with there was to
> simply disable password saving, which is fine because in most environments
> the user will use Kerberos to authenticate to Postgres anyway (which
> Khushboo is working on right now).
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EDB: http://www.enterprisedb.com
>
>
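
The behaviour discussed in this thread, as an added sketch that is not pgAdmin's code and not part of either message: a session that is authenticated but has no password-derived key gets logged out unless password-less auth sources bypass the key check, in which case password saving is disabled instead. Every name here (this `KeyManager` stand-in, `session_policy`, `PASSWORDLESS_SOURCES`, `bypass_passwordless`) and the PBKDF2 derivation are assumptions made for illustration.

```python
import hashlib

# Auth sources that never hand the application a password (assumption).
PASSWORDLESS_SOURCES = {"oauth2", "kerberos"}


class KeyManager:
    """Hypothetical stand-in: holds the per-session key derived at login."""

    def __init__(self):
        self._key = None

    def set_from_password(self, password: str, salt: bytes) -> None:
        # PBKDF2 is swapped in here for illustration only; the thread does
        # not say how the real key is derived from the user's password.
        self._key = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, 200_000
        )

    def get(self):
        return self._key


def session_policy(authenticated, auth_source, key_manager,
                   bypass_passwordless):
    """Decide, per request, (action, allow_save_password).

    action is "continue", "logout" or "redirect_to_login".
    """
    if not authenticated:
        return ("redirect_to_login", False)
    if key_manager.get() is not None:
        # A password-derived key exists, so saved passwords can be encrypted.
        return ("continue", True)
    if bypass_passwordless and auth_source in PASSWORDLESS_SOURCES:
        # No secret to encrypt with: keep the session, disable saving.
        return ("continue", False)
    # Authenticated but no key: the session is dropped, which the user
    # sees as a redirect to the login page despite is_authenticated == True.
    return ("logout", False)


if __name__ == "__main__":
    oauth_km = KeyManager()  # OAuth login: no password, so no key is ever set
    print(session_policy(True, "oauth2", oauth_km, False))  # symptom
    print(session_policy(True, "oauth2", oauth_km, True))   # with bypass
```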

