Skip to content

add RPC-based AUTHN and AUTHZ support #414

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
UiP9AV6Y wants to merge 1 commit into
base: main
Choose a base branch
from
Open

add RPC-based AUTHN and AUTHZ support #414

UiP9AV6Y wants to merge 1 commit into from

Conversation

@UiP9AV6Y
Copy link

@UiP9AV6Y UiP9AV6Y commented Jan 24, 2026

this change adds both a new authenticator as well as an authorizer implementation using RPC communication.

the advantage over "External Authentication" is that those new plugins are only spawned once upon server start instead of with each auth request. this reduces resource problems in high request scenarios where the process IDs the system has available dwindle due to too many processes being created.

the advantage over "Plugin Authentication" is that it works on all platforms.

example plugins for each aspect (AUTHN/AUTHZ) have been implemented to demonstrate the feature as well as a simple test suite to verify the functionality.

relates to #337

@UiP9AV6Y
add RPC-based AUTHN and AUTHZ support
98f8886 
this change adds both a new authenticator as well as an authorizer
implementation using RPC communication.

the advantage over "External Authentication" is that those new
plugins are only spawned once upon server start instead of with
each auth request. this reduces resource problems in high request
scenarios where the process IDs the system has available dwindle
due to too many processes being created.

the advantage over "Plugin Authentication" is that it works on
all platforms.

example plugins for each aspect (AUTHN/AUTHZ) have been implemented
to demonstrate the feature as well as a simple test suite to verify
the functionality.

relates to cesanta#337
@UiP9AV6Y
Copy link
Author

UiP9AV6Y commented Jan 24, 2026

github.com/hashicorp/go-plugin does support customizing the logging stack, github.com/cesanta/glog however, does not. as a result the plugin system logs on its own accord in a different format. the only way to remedy this, would be to refactor the app to use a more customizable logging solution (e.g. the stdlib log/slog)

@UiP9AV6Y
Copy link
Author

UiP9AV6Y commented Jan 24, 2026

the minimum golang version has been raised in order to conform to the requirements of the newly added dependencies.

some code changes are not stricly required for this feature but are a result of running gofmt against the codebase. the MR could be reduced by formatting the code in a separate MR so i could rebase the branch against it.

@UiP9AV6Y
Copy link
Author

UiP9AV6Y commented Jan 24, 2026

github.com/cesanta/docker_auth/auth_server/plugin has been implemented as separate module for plugin authors to import without having to pull in the entire dependency tree of the "main" application.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@UiP9AV6Y