What is the recommended way for authentication and...
# troubleshootingp
Priyank Bagrecha
06/07/2022, 6:17 PMWhat is the recommended way for authentication and authorization for programmatic query access to a pinot table? We are thinking of having multiple tables per tenant and would like to be able to control access at a table level. What is the recommended mechanism for access logging?
Priyank Bagrecha
06/07/2022, 6:17 PMFYI @abhinav wagle
Priyank Bagrecha
06/07/2022, 6:21 PMWe did go through https://docs.pinot.apache.org/operators/tutorials/authentication-authorization-and-acls and we are interested in jwt token based approach and not basic http auth.
m
Mayank
06/07/2022, 11:59 PM
Afaik, OSS has basic auth only cc: @Alexander Pucher
p
Priyank Bagrecha
06/08/2022, 6:26 AMHas anyone figured out a way to configure jwt token based auth? At this point, I am thinking of having a rest api that validates jwt token, and issue the sql query provided in the body of the api call on behalf of the user and return the response back. The thin api layer also makes sure that the user is authorized to query the table. Unfortunately this doesn't allow us to use oss sdk for programmatic access. Is this what folks are doing? Any suggestions or feedback is highly appreciated.
m
Mayank
06/08/2022, 12:17 PM
Auth is defined as an interface in Pinot. You can plug-in your own implementation there, instead of creating a thin layer
p
Priyank Bagrecha
06/08/2022, 4:44 PMThanks. I'll look into it.
Priyank Bagrecha
06/08/2022, 6:41 PMWhile looking into the code, I discovered UrlAuthProvider.java added via pull request #8670. Do we know when this will be released?
Priyank Bagrecha
06/08/2022, 9:13 PMUnfortunately this doesn't take care of client auth in broker. that still happens via basic http at best. 😞