Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support user-implemented authentication plugin within the extension framework #53181

Closed
yzhan1 opened this issue May 10, 2024 · 0 comments · Fixed by #53494 or #54455
Closed

Support user-implemented authentication plugin within the extension framework #53181

yzhan1 opened this issue May 10, 2024 · 0 comments · Fixed by #53494 or #54455
Labels
type/feature-request Categorizes issue or PR as related to a new feature.

Comments

@yzhan1
Copy link
Contributor

yzhan1 commented May 10, 2024
edited
Loading

Feature Request

Is your feature request related to a problem? Please describe:

Currently, TiDB only supports the built-in authentication and authorization mechanism. The built-in mechanism is not flexible enough to meet the needs of some users. For example, some users may want to use their own authentication and authorization logic, or some users may want to integrate TiDB with their existing authentication and authorization system.

Using the extension system to implement an auth plugin is a good way for users to plug in their own logic.

Auth plugin is a feature supported in MySQL, so implementing this feature in TiDB will make it more compatible with MySQL.

Describe the feature you'd like:

Provide support in the extension system where TiDB users can implement their own authentication plugins with customized authentication (login) and authorization (privilege checking) logic.

Example:

If user implements a plugin called authentication_my_plugin, the user should be able to create a user using:

CREATE USER 'my_user'@'%' IDENTIFIED WITH 'authentication_my_plugin' AS 'optional_authentication_pwd';

where authn/authz for my_user will go through the customized logic in the implementation of authentication_my_plugin.

Describe alternatives you've considered:

  • MySQL already supports customized auth plugins
  • Currently, additional privilege checks or access control needs to happen outside of TiDB in a service layer above

Teachability, Documentation, Adoption, Migration Strategy:

Design: #53182
@yzhan1 yzhan1 added the type/feature-request Categorizes issue or PR as related to a new feature. label May 10, 2024
@yzhan1 yzhan1 mentioned this issue May 10, 2024
Merged
13 tasks
ti-chi-bot bot pushed a commit that referenced this issue May 16, 2024
@yzhan1
docs: design for extension auth plugin (#53182)
d8052e7 
ref #53181
terry1purcell pushed a commit to terry1purcell/tidb that referenced this issue May 17, 2024
@yzhan1 @terry1purcell
docs: design for extension auth plugin (pingcap#53182)
ec3c6bc 
ref pingcap#53181
@yzhan1 yzhan1 mentioned this issue May 22, 2024
Merged
13 tasks
RidRisR pushed a commit to RidRisR/tidb that referenced this issue May 23, 2024
@yzhan1 @RidRisR
docs: design for extension auth plugin (pingcap#53182)
c1339ad 
ref pingcap#53181
@ti-chi-bot ti-chi-bot bot closed this as completed in 3860ba5 Jul 3, 2024
@yzhan1 yzhan1 mentioned this issue Jul 4, 2024
Merged
13 tasks
ti-chi-bot bot pushed a commit that referenced this issue Jul 4, 2024
@yzhan1
*: improve auth plugin design and add readme (#54455)
4cf86e4 
close #53181
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/feature-request Categorizes issue or PR as related to a new feature.
Projects
None yet
Milestone
No milestone
1 participant
@yzhan1