xuang7 commented on issue #4240: URL: https://github.com/apache/texera/issues/4240#issuecomment-4527452905
> Sounds good [@xuang7](https://github.com/xuang7) my plan is to focus on the Google Drive flow.
>
> I plan to use an environment variable so your team can easily get this set up, rather than working with an entirely new KMS. I assume this would need to be made by the organization as well.
>
> ### Current Plan:
>
> * Create a Token Encryption Service which will be passed to GoogleDriveAuthResource. This service will handle encryption and decryption of any strings passed into it. Implemented using jose4j's JSON Web Encryption in combination with AES-GCM encryption.
> * GoogleDriveAuthResource will encrypt the entire auth state in the callback function and store it in the DB. On access token request, it will decrypt the auth state and get the refresh token.
>
> Questions:
>
> * Could I create a new package for Token Encryption Service? I think it would be appropriate to create a new package in `common`, maybe called `token-encryption` where Token Encryption Service will be.
> * Could I create a new table in the DB dedicated to oauth tokens, e.g.:
>
> ```
> CREATE TABLE user_oauth_tokens (
>     id INT PRIMARY KEY AUTO_INCREMENT,
>     user_id INT NOT NULL REFERENCES users(uid),
>     provider VARCHAR(64) NOT NULL, -- 'google_drive', 'aws', 'microsoft', etc.
>     auth_blob VARCHAR(2048) NOT NULL,
>     UNIQUE (user_id, provider)
> );
> ```

I think this direction looks good! For the package placement, you may consider putting this under `common/auth`. We can also see what others think.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
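A sketch of the Token Encryption Service described in the quoted plan, added here as an illustration; it is not code from the thread or from Texera. The class name, the `TOKEN_ENCRYPTION_KEY` variable name, the use of JWE direct (`dir`) key management with `A256GCM`, and the sample auth state are assumptions.

```java
import java.security.SecureRandom;
import java.util.Base64;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
import org.jose4j.keys.AesKey;
import org.jose4j.lang.JoseException;

public final class TokenEncryptionService { // hypothetical name
    private final AesKey key;

    // keyB64: base64 of a 32-byte key, e.g. taken from an environment variable
    public TokenEncryptionService(String keyB64) {
        byte[] raw = Base64.getDecoder().decode(keyB64);
        if (raw.length != 32) throw new IllegalArgumentException("A256GCM needs a 32-byte key");
        this.key = new AesKey(raw);
    }

    public String encrypt(String plaintext) throws JoseException {
        JsonWebEncryption jwe = new JsonWebEncryption();
        jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.DIRECT);
        jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_256_GCM);
        jwe.setKey(key);
        jwe.setPayload(plaintext);
        return jwe.getCompactSerialization(); // five-part compact JWE string for the DB column
    }

    public String decrypt(String compact) throws JoseException {
        JsonWebEncryption jwe = new JsonWebEncryption();
        // Pin alg and enc so a stored blob with any other header is rejected.
        jwe.setAlgorithmConstraints(new AlgorithmConstraints(
            ConstraintType.PERMIT, KeyManagementAlgorithmIdentifiers.DIRECT));
        jwe.setContentEncryptionAlgorithmConstraints(new AlgorithmConstraints(
            ConstraintType.PERMIT, ContentEncryptionAlgorithmIdentifiers.AES_256_GCM));
        jwe.setKey(key);
        jwe.setCompactSerialization(compact);
        return jwe.getPayload(); // throws JoseException if the GCM tag does not verify
    }

    private static String randomKeyB64() { // constructed throwaway key for the demo
        byte[] k = new byte[32];
        new SecureRandom().nextBytes(k);
        return Base64.getEncoder().encodeToString(k);
    }

    public static void main(String[] args) throws JoseException {
        String env = System.getenv("TOKEN_ENCRYPTION_KEY"); // hypothetical variable name
        TokenEncryptionService svc = new TokenEncryptionService(env != null ? env : randomKeyB64());
        String blob = svc.encrypt("{\"refresh_token\":\"constructed-sample\"}"); // constructed auth state
        System.out.println(blob.length() + " chars; round trip: " + svc.decrypt(blob));
        try { new TokenEncryptionService(randomKeyB64()).decrypt(blob); }
        catch (JoseException e) { System.out.println("wrong key rejected"); }
    }
}
```

The printed length shows how much the compact serialization expands the plaintext, which is worth comparing against the `VARCHAR(2048)` width proposed for `auth_blob`.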
