indigophox commented on PR #34817: URL: https://github.com/apache/arrow/pull/34817#issuecomment-1819889753
> I think if you put any authentication middleware first, then it can reject unauthenticated requests and you can always create a session after that. As long as the auth & session interaction is happening within a gRPC call where there can be a shim that relates the two middlewares (or just integrate it all into one compound middleware) it would be simple enough to extend the provided middleware to have a function to tell it to (from the shim/other middleware) create a session whether or not one was otherwise triggered by the client, and do this based on the authNZ state of the other middlware. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
