Sentiaus commented on issue #4240:
URL: https://github.com/apache/texera/issues/4240#issuecomment-4527307940
Sounds good @xuang7, my plan is to focus on the Google Drive flow.
I plan to use an environment variable so your team can easily get this
set up, rather than working with an entirely new KMS. I assume this would need
to be made by the organization as well.
### Current Plan:
* Create a Token Encryption Service which will be passed to
GoogleDriveAuthResource. This service will handle encryption and decryption of
any strings passed into it. Implemented using jose4j's JSON Web Encryption in
combination with AES-GCM encryption.
* GoogleDriveAuthResource will encrypt the entire auth state in the callback
function and store it in the DB. On access token request, it will decrypt the
auth state and get the refresh token.
Questions:
* Could I create a new package for Token Encryption Service? I think it
would be appropriate to create a new package in `common`, maybe called
`token-encryption` where Token Encryption Service will be.
* Could I create a new table in the DB dedicated to OAuth tokens, e.g.:
```
CREATE TABLE user_oauth_tokens (
    id INT PRIMARY KEY AUTO_INCREMENT,
    user_id INT NOT NULL REFERENCES users(uid),
    provider VARCHAR(64) NOT NULL, -- 'google_drive', 'aws', 'microsoft', etc.
    auth_blob VARCHAR(2048) NOT NULL,
    UNIQUE (user_id, provider)
);
```
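A sketch of the Token Encryption Service planned in the comment above, added here as an example; it is not code from the comment's author or from Texera. The class name, the `TOKEN_ENCRYPTION_KEY` variable, and the choice of direct key mode (`dir`) with `A256GCM` are assumptions, since the comment only names jose4j JWE with AES-GCM and an environment variable.

```java
import java.security.SecureRandom;
import java.util.Base64;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwe.*;
import org.jose4j.keys.AesKey;
import org.jose4j.lang.JoseException;
// Hypothetical sketch: class name and TOKEN_ENCRYPTION_KEY are assumptions, not Texera code.
public class TokenEncryptionService {
    private static final String ALG = KeyManagementAlgorithmIdentifiers.DIRECT;
    private static final String ENC = ContentEncryptionAlgorithmIdentifiers.AES_256_GCM;
    private final AesKey key;

    public TokenEncryptionService(byte[] rawKey) { // "dir": the key itself is the A256GCM key
        if (rawKey.length != 32) throw new IllegalArgumentException("need a 256-bit key");
        this.key = new AesKey(rawKey);
    }

    public static TokenEncryptionService fromEnv() { // expects base64 of 32 random bytes
        String b64 = System.getenv("TOKEN_ENCRYPTION_KEY");
        if (b64 == null) throw new IllegalStateException("TOKEN_ENCRYPTION_KEY is not set");
        return new TokenEncryptionService(Base64.getDecoder().decode(b64));
    }

    public String encrypt(String plaintext) throws JoseException {
        JsonWebEncryption jwe = new JsonWebEncryption();
        jwe.setAlgorithmHeaderValue(ALG);
        jwe.setEncryptionMethodHeaderParameter(ENC);
        jwe.setKey(key);
        jwe.setPayload(plaintext);
        return jwe.getCompactSerialization(); // jose4j generates a fresh random IV per call
    }

    public String decrypt(String compact) throws JoseException {
        JsonWebEncryption jwe = new JsonWebEncryption();
        // Pin both algorithms so a stored blob's header cannot select different ones.
        jwe.setAlgorithmConstraints(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.PERMIT, ALG));
        jwe.setContentEncryptionAlgorithmConstraints(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.PERMIT, ENC));
        jwe.setKey(key);
        jwe.setCompactSerialization(compact);
        return jwe.getPayload(); // throws JoseException if the GCM tag does not verify
    }

    public static void main(String[] args) throws JoseException {
        byte[] demoKey = new byte[32];
        new SecureRandom().nextBytes(demoKey); // constructed key, for this demo only
        TokenEncryptionService svc = new TokenEncryptionService(demoKey);
        String blob = svc.encrypt("{\"refresh_token\":\"constructed-sample\"}"); // constructed auth state
        System.out.println(blob.length() + " chars -> " + svc.decrypt(blob));
    }
}
```

The compact serialization base64url-encodes the ciphertext, so a stored blob is roughly a third larger than the plaintext auth state plus a fixed header, IV and tag; check that against the proposed `auth_blob VARCHAR(2048)` column.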