From: | Khushboo Vashi <khushboo(dot)vashi(at)enterprisedb(dot)com> |
---|---|
To: | Dave Page <dpage(at)pgadmin(dot)org> |
Cc: | Florian Sabonchi <sabonchi(at)posteo(dot)de>, pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org> |
Subject: | Re: OAuth error when logging in |
Date: | 2021-03-29 09:46:27 |
Message-ID: | CAFOhELcuRA9xAucPCCTfsESK-cBk5cr74TAi=e8Uf02RH2kT5A@mail.gmail.com |
Lists: | pgadmin-hackers |
Hi Florian,

As Dave mentioned, we use the user's password as an encryption key for
saving Postgres passwords, and we do so by maintaining KeyManager. As for
OAuth implementation, you do not have a password, you need to bypass this
step (and that is the reason you are being redirected to the login page
because of no secret key). Check the code at line no. 713 in
https://github.com/FlorianJSa/pgadmin4/blob/OAuth2/web/pgadmin/__init__.py
which is causing logout for you.

Thanks,
Khushboo

On Mon, Mar 29, 2021 at 1:57 PM Dave Page <dpage(at)pgadmin(dot)org> wrote:
> Hi
>
> On Mon, Mar 29, 2021 at 9:21 AM Florian Sabonchi <sabonchi(at)posteo(dot)de>
> wrote:
>
>> Hello, I would like to integrate OAuth in PG-Admin. Unfortunately I have
>> the error that I am redirected back to the home page. Unfortunately I
>> could not find this error, what surprises me is that
>> current_user.is_authenticated is set to True. For this reason I just
>> wanted to ask maybe someone knows what the problem is. You can find my
>> source code here:
>>
>>
>> https://github.com/FlorianJSa/pgadmin4/blob/OAuth2/web/pgadmin/authenticate/__init__.py
>>
>>
>> I would be very happy if someone could help me with this problem.
>> Because I unfortunately have no idea what this could be for an issue.
>>
>
> Khushboo (CC'd) is most familiar with this code as she wrote the plugin
> auth system - hopefully she can help point you in the right direction.
>
> However, we have discussed OAuth briefly in the past and never quite
> figured out what to do about saving Postgres passwords. Have you thought
> about that? The issue is that we won't have anything secret to use in an
> encryption key as pgAdmin won't see the user's password. We have the same
> issue with Kerberos, however the solution we came up with there was to
> simply disable password saving which is fine because in most environments
> the user will use Kerberos to authenticate to Postgres anyway (which
> Khushboo is working on right now).
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EDB: http://www.enterprisedb.com
>
>