From: Khushboo Vashi
Date: Mon, 29 Mar 2021 15:16:27 +0530
Subject: Re: OAuth error when logging in
To: Dave Page
Cc: Florian Sabonchi, pgadmin-hackers

Hi Florian,

As Dave mentioned, we use the user's password as an encryption key for saving Postgres passwords, and we do so by maintaining KeyManager. As for the OAuth implementation, you do not have a password, so you need to bypass this step (and that is the reason you are being redirected to the login page because of no secret key). Check the code at line no 713 in https://github.com/FlorianJSa/pgadmin4/blob/OAuth2/web/pgadmin/__init__.py which is causing logout for you.

Thanks,
Khushboo

On Mon, Mar 29, 2021 at 1:57 PM Dave Page wrote:

> Hi
>
> On Mon, Mar 29, 2021 at 9:21 AM Florian Sabonchi wrote:
>
>> Hello, I would like to integrate OAuth in PG-Admin. Unfortunately I have
>> the error that I am redirected back to the home page. Unfortunately I
>> could not find this error; what surprises me is that
>> current_user.is_authenticated is set to True. For this reason I just
>> wanted to ask, maybe someone knows what the problem is. You can find my
>> source code here:
>>
>> https://github.com/FlorianJSa/pgadmin4/blob/OAuth2/web/pgadmin/authenticate/__init__.py
>>
>> I would be very happy if someone could help me with this problem,
>> because I unfortunately have no idea what kind of issue this could be.
>
> Khushboo (CC'd) is most familiar with this code as she wrote the plugin
> auth system - hopefully she can help point you in the right direction.
>
> However, we have discussed OAuth briefly in the past and never quite
> figured out what to do about saving Postgres passwords. Have you thought
> about that? The issue is that we won't have anything secret to use in an
> encryption key as pgAdmin won't see the user's password. We have the same
> issue with Kerberos; however, the solution we came up with there was to
> simply disable password saving, which is fine because in most environments
> the user will use Kerberos to authenticate to Postgres anyway (which
> Khushboo is working on right now).
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EDB: http://www.enterprisedb.com
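The key handling discussed in this thread, as an added example that is not part of the original messages and is not pgAdmin's code: a per-session key derived from the login password protects saved Postgres passwords, and a per-request check has to treat password-less logins (OAuth, Kerberos) differently from a lost key. All names here (`SessionKey`, `request_gate`, `save_password`, the auth source strings) are hypothetical, and the HMAC-based cipher is a standard-library stand-in for a vetted AEAD.

```python
import hashlib
import hmac
import os

# Assumption: auth sources where the application never sees a password.
EXTERNAL_SOURCES = {"oauth2", "kerberos"}

class SessionKey:
    """Hypothetical per-session key holder (not pgAdmin's KeyManager)."""
    def __init__(self):
        self.key = None

    def derive(self, login_password: str, salt: bytes) -> None:
        # The key exists only if the login flow handed us a password.
        self.key = hashlib.pbkdf2_hmac("sha256", login_password.encode(), salt, 100_000)

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: stdlib-only stand-in for a vetted AEAD cipher.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, secret: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _stream(key, nonce, len(secret))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def request_gate(auth_source: str, session: SessionKey) -> str:
    """Per-request decision for a session that may have no key."""
    if session.key is not None:
        return "allow"
    if auth_source in EXTERNAL_SOURCES:
        return "allow-without-saving"  # nothing secret to encrypt with
    return "logout"                    # password login but key lost: re-login

def save_password(session: SessionKey, pg_password: str):
    """Return the ciphertext to store, or None when saving must be disabled."""
    if session.key is None:
        return None
    return seal(session.key, pg_password.encode())
```

A gate that only checks for a missing key, without the auth-source branch, sends every OAuth session back to the login page even though the user is authenticated.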