Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dremio odbc interpretation of flight auth #5922

Closed
jmao-denver opened this issue Aug 9, 2024 · 0 comments · Fixed by #6032
Closed

Dremio odbc interpretation of flight auth #5922

jmao-denver opened this issue Aug 9, 2024 · 0 comments · Fixed by #6032
Assignees
@niloc132
Labels
arrow barrage bug Something isn't working mvp-odbc
Milestone
0.37.0

Comments

@jmao-denver
Copy link
Contributor

jmao-denver commented Aug 9, 2024
edited by niloc132
Loading

Three bugs found while working with alternative Flight clients:

  • Some clients refuse to use authentication types besides "Bearer" and "Basic" - we should overload "Bearer" to support a nested type so we can instruct clients to specify the type and token in the same call.
  • Our handling of Bearer requires that the token be a UUID by mistake - we intended to handle failure to read the UUID as "this isn't an existing session", but instead we fail the entire auth process
  • Some clients connect to Handshake as if it wasn't streaming or unary, but send no messages before half-closing. In those cases we assume that the auth process didn't work, but instead we can check to see if an auth header was set instead.
@jmao-denver jmao-denver added bug Something isn't working triage labels Aug 9, 2024
@niloc132 niloc132 added this to the 0.36.0 milestone Aug 9, 2024
@jmao-denver jmao-denver mentioned this issue Aug 13, 2024
Draft
niloc132 added a commit to niloc132/deephaven-core that referenced this issue Aug 15, 2024
@niloc132
fix: Go and JS clients should not require v1+v2 auth
2db1e60 
The Go client required sending v2 auth, but receiving v1 responses -
this change makes it consistently use v1 auth.

The JS client incorrectly closed the stream only after it had received
headers - now it can close right away, and just wait for headers to
arrive normally.

Prerequisite to deephaven#5922
@niloc132 niloc132 mentioned this issue Aug 15, 2024
Merged
niloc132 added a commit that referenced this issue Aug 16, 2024
@niloc132
fix: Go and JS clients should not require v1+v2 auth (#5946)
903abba 
The Go client required sending v2 auth, but receiving v1 responses -
this change makes it consistently use v1 auth.

The JS client incorrectly closed the stream only after it had received
headers - now it can close right away, and just wait for headers to
arrive normally.

Prerequisite to #5922
niloc132 added a commit to niloc132/deephaven-core that referenced this issue Aug 16, 2024
@niloc132
fix: Go and JS clients should not require v1+v2 auth
7e63a4c 
The Go client required sending v2 auth, but receiving v1 responses -
this change makes it consistently use v1 auth.

The JS client incorrectly closed the stream only after it had received
headers - now it can close right away, and just wait for headers to
arrive normally.

Prerequisite to deephaven#5922
@pete-petey pete-petey modified the milestones: 0.36.0, 0.37.0 Aug 26, 2024
@niloc132 niloc132 mentioned this issue Sep 8, 2024
Merged
niloc132 added a commit that referenced this issue Oct 8, 2024
@niloc132
fix: Authentication changes to better support FlightSQL clients (#6032)
39a2fc0 
Handshake calls previously required the client to send at least one
message before sending a response, even if the required auth information
was included in headers, now the server will respond and close the
stream right away. This change could cause problems for older DH clients
(specifically JS and Go clients), but the fix for this was released in
0.36.

Bearer authentication would fail if the token wasn't in the form of a
UUID, even if an alternative authentication handler was going to accept
the token.

Some Flight clients are unable to send auth types other than Basic and
Bearer, our authentication interceptor can now support the auth type as
a space-separated prefix of the auth token.

Fixes #5922
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@niloc132 niloc132

Labels
arrow barrage bug Something isn't working mvp-odbc
Projects
None yet
Milestone
0.37.0
Development

Successfully merging a pull request may close this issue.

fix: Authentication changes to better support FlightSQL clients niloc132/deephaven-core
3 participants
@niloc132 @jmao-denver @pete-petey