security: KV auth broker #49105

@tbg

Description

SQL tenant servers will receive access tokens from a dedicated auth broker service. A token encodes the tenant ID and an expiration timestamp. The pattern is roughly that a tenant is initiated with a valid token and can periodically contact the auth broker (using a valid token) to issue a new valid token with a larger expiration timestamp. For simplicity, the auth broker will live in the main repo and comes bundled with ./cockroach, though we will also allow building it as a small stand-alone binary (from ./pkg/cmd/authbroker).

See #47898.
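
The issue-and-renew pattern described above, as an added Go example (not code from the CockroachDB repository). The `Broker` type, the `tenantID.expiry.MAC` token layout and the HMAC-SHA256 construction are assumptions made for illustration; the issue does not specify a token format.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"time"
)

// Broker is a hypothetical stand-in for the auth broker; the token format is an assumption.
type Broker struct{ key []byte }

// Issue returns "<tenantID>.<expiryUnix>.<base64url HMAC-SHA256 of the first two fields>".
func (b *Broker) Issue(tenantID uint64, expiry time.Time) string {
	payload := fmt.Sprintf("%d.%d", tenantID, expiry.Unix())
	m := hmac.New(sha256.New, b.key)
	m.Write([]byte(payload))
	return payload + "." + base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// Verify re-issues from the parsed fields and compares the whole token in constant time, then checks expiry.
func (b *Broker) Verify(tok string, now time.Time) (tenantID uint64, err error) {
	var expUnix int64
	if n, _ := fmt.Sscanf(tok, "%d.%d.", &tenantID, &expUnix); n != 2 {
		return 0, errors.New("malformed token")
	}
	if !hmac.Equal([]byte(tok), []byte(b.Issue(tenantID, time.Unix(expUnix, 0)))) {
		return 0, errors.New("bad signature")
	}
	if now.Unix() >= expUnix {
		return 0, errors.New("token expired")
	}
	return tenantID, nil
}

// Renew trades a still-valid token for a later one; the tenant ID comes only from the verified token.
func (b *Broker) Renew(tok string, now time.Time, ttl time.Duration) (string, error) {
	tenantID, err := b.Verify(tok, now)
	if err != nil {
		return "", err
	}
	return b.Issue(tenantID, now.Add(ttl)), nil
}

func main() {
	b := &Broker{key: []byte("constructed-demo-key")}
	fmt.Println(b.Renew(b.Issue(42, time.Now().Add(time.Minute)), time.Now(), time.Hour))
}
```

Because renewal requires a token that has not yet expired, a tenant that misses its renewal window cannot recover on its own and must be given a fresh token out of band.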

Metadata

Labels

A-multitenancy: Related to multi-tenancy

C-enhancement: Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)
