Re: [DISCUSS] Add an auth data const for refresh the original auth data

Wed, 17 Aug 2022 07:26:03 -0700 

Thank @Qiang!

Update the diagram:
https://drive.google.com/file/d/1E6z0dzXzvW5ZxG6d6YUghL9OikA8j4UC/view?usp=sharing

Thanks,
Zixuan

Qiang Huang <qiang.huang1...@gmail.com> 于2022年8月17日周三 19:13写道:

> It makes sense to me. BTW, the image is broken.
>
> Zixuan Liu <node...@gmail.com> 于2022年8月17日周三 11:10写道:
>
> > Note that there are two clients, the user client, and the proxy client.
> > When the original authenticate data expires, the user client cannot send
> a
> > request to the proxy to find the broker URL. We haven't tests to cover
> this.
> >
> > A simple diagram represents workflow:
> > [image: image.png]
> > Both connections pass the proxy client and the user client authentication
> > data.
> >
> > Thanks,
> > Zixuan
> >
> > Zixuan Liu <node...@gmail.com> 于2022年8月16日周二 23:02写道:
> >
> >> Hi all,
> >>
> >> Refreshing the authentication data comes from the client is important.
> We
> >> have two types of authentication data, directly authentication data, and
> >> original authentication data:
> >>
> >> 1. Directly authentication data
> >> The client/proxy brings the authentication data directly connected to
> the
> >> broker, which is directly authentication data.
> >>
> >> When the directly authentication data is expired, the broker sends the
> >> `newAuthChallenge` command with `AuthData.REFRESH_AUTH_DATA` data to the
> >> client to refresh the authentication data.
> >>
> >> 2. Original authentication data
> >> We add a proxy between the client and the broker, both the proxy and the
> >> client bring the authentication data to request the broker, the
> >> authentication data from the proxy is directly authentication data, and
> the
> >> authentication data from the client is original authentication data.
> >>
> >> The broker can refresh the directly authentication data, but when we are
> >> using the proxy, the broker could not refresh the original
> >> authentication data, because we haven't any action to request to refresh
> >> the original authentication data, so we need to add an auth data const
> to
> >> request to refresh the original authentication data, so like
> >> `AuthData.REFRESH_AUTH_DATA`.
> >>
> >> Once most people agree with this, I'll make a PIP.
> >>
> >> References:
> >>
> >> - https://github.com/apache/pulsar/pull/13339
> >> - https://github.com/apache/pulsar/issues/10816
> >>
> >> Thanks,
> >> Zixuan
> >>
> >>
>
> --
> BR,
> Qiang Huang
>

Reply via email to