Thank @Qiang! Update the diagram: https://drive.google.com/file/d/1E6z0dzXzvW5ZxG6d6YUghL9OikA8j4UC/view?usp=sharing
Thanks, Zixuan Qiang Huang <qiang.huang1...@gmail.com> 于2022年8月17日周三 19:13写道: > It makes sense to me. BTW, the image is broken. > > Zixuan Liu <node...@gmail.com> 于2022年8月17日周三 11:10写道: > > > Note that there are two clients, the user client, and the proxy client. > > When the original authenticate data expires, the user client cannot send > a > > request to the proxy to find the broker URL. We haven't tests to cover > this. > > > > A simple diagram represents workflow: > > [image: image.png] > > Both connections pass the proxy client and the user client authentication > > data. > > > > Thanks, > > Zixuan > > > > Zixuan Liu <node...@gmail.com> 于2022年8月16日周二 23:02写道: > > > >> Hi all, > >> > >> Refreshing the authentication data comes from the client is important. > We > >> have two types of authentication data, directly authentication data, and > >> original authentication data: > >> > >> 1. Directly authentication data > >> The client/proxy brings the authentication data directly connected to > the > >> broker, which is directly authentication data. > >> > >> When the directly authentication data is expired, the broker sends the > >> `newAuthChallenge` command with `AuthData.REFRESH_AUTH_DATA` data to the > >> client to refresh the authentication data. > >> > >> 2. Original authentication data > >> We add a proxy between the client and the broker, both the proxy and the > >> client bring the authentication data to request the broker, the > >> authentication data from the proxy is directly authentication data, and > the > >> authentication data from the client is original authentication data. > >> > >> The broker can refresh the directly authentication data, but when we are > >> using the proxy, the broker could not refresh the original > >> authentication data, because we haven't any action to request to refresh > >> the original authentication data, so we need to add an auth data const > to > >> request to refresh the original authentication data, so like > >> `AuthData.REFRESH_AUTH_DATA`. > >> > >> Once most people agree with this, I'll make a PIP. > >> > >> References: > >> > >> - https://github.com/apache/pulsar/pull/13339 > >> - https://github.com/apache/pulsar/issues/10816 > >> > >> Thanks, > >> Zixuan > >> > >> > > -- > BR, > Qiang Huang >