Add ability to resolve groups from JWT's #15955

Closed
wants to merge 3 commits into from

connorlwilkes
Description

The JWT auth method currently doesn't have the capability to resolve groups even though this is present in the OAuth auth method. This PR follows a similar pattern to that used in the OAuth method in order to enable this feature for JWTs. This is useful for non-user or programmatic access.

Additional context and related issues

Uses the same process as OAuth for config and to resolve the group (https://github.com/G-Research/trino/blob/master/core/trino-main/src/main/java/io/trino/server/security/oauth2/OAuth2Authenticator.java#L84)

Release notes

( ) This is not user-visible or docs only and no release notes are required.
( ) Release notes are required, please propose a release note for me.
(x) Release notes are required, with the following suggested text:

# JWT auth
* Add support with the "http-server.authentication.jwt.groups-field" option to resolve groups from JWTs

cla-bot bot commented Feb 2, 2023

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Connor Wilkes.
This is most likely caused by a git client misconfiguration; please make sure to:

  1. check if your git client is configured with an email to sign commits: `git config --list | grep email`
  2. If not, set it up using `git config --global user.email email@example.com`
  3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

cla-bot bot commented Feb 17, 2023

Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to cla@trino.io. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla

@Praveen2112
Member

Hi!! @connorlwilkes Thanks for working on this PR. But unfortunately, the process by which we are getting the groups from OAuthAuthenticator has been deprecated due to the following issues:

  • view SECURITY DEFINER
  • sessionUser JDBC parameter
  • identity from view expression for column masking and row filtering.

For additional rationale PTAL at this PR - #15669.

cc: @kokosing

mahic commented Mar 16, 2024

As mentioned in #15669 (comment), this too would be worth reopening when #16539 gets implemented.
