-
Notifications
You must be signed in to change notification settings - Fork 169
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support custom cache for OAuth2 tokens #225
base: master
Are you sure you want to change the base?
Conversation
trino/auth.py
Outdated
if custom_cache is not None: | ||
return custom_cache |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe is worth to add some validation and error handling for custom_cache
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've added an isinstance
check. I don't think there is anything more we can do. We might rethrow the exception as one of the dbapi exception types. WDYT?
README.md
Outdated
@@ -198,6 +198,8 @@ A callback to handle the redirect url can be provided via param `redirect_auth_u | |||
|
|||
The OAuth2 token will be cached either per `trino.auth.OAuth2Authentication` instance or, when keyring is installed, it will be cached within a secure backend (MacOS keychain, Windows credential locker, etc) under a key including host of the Trino connection. Keyring can be installed using `pip install 'trino[external-authentication-token-cache]'`. | |||
|
|||
A custom caching implementation can be provided by creating a class implementing the `trino.auth.OAuth2TokenCache` abstract class and adding it as in `OAuth2Authentication(cache=my_custom_cache_impl)`. The custom caching implementation enables usage in multi-user environments (notebooks, web applications) in combination with a custom `redirect_auth_url_handler` as explained above. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's explain further what can be passed as my_custom_cache_impl
or give some code snippets here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
c04d408
to
709d718
Compare
709d718
to
42ccb60
Compare
I'd prefer if we made the defaults more useful instead of adding hooks for custom behaviour and leaving users to implement them themselves. It seems default should be to cache based on identity (which is what Trino itself seems to do). |
That won't work in a distributed web application. You would need to store and retrieve the tokens in a distributed cache (eg redis) as every request may be handled by different nodes.
This is not entirely true. The user is not required in the |
Fixes #223