v5.9.0 - Feedback wanted on re-authentication #705
RichardIrons-neo4j
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Re-Authentication
In version 5.9.0, we introduce a new preview API to the driver. Under the term re-authentication, we deliver two closely related features:
replacing the authentication information in the driver without having to create a new driver object
using specific auth information for the duration of a session
1. Auth Rotation
This is used for auth tokens that are expected to expire (e.g., SSO).
An implementation of
IAuthTokenManager
may be passed to the driver instead of a static auth token.The easiest way to get started is using the provided
AuthManager
implementation. For example:If you don't want to define a new class that gets the new token, you can just pass a delegate instead:
The object returned from
AuthTokenManagers.ExpirationBased
will transparently handle the logic of retrieving a new token when the current token expires.AuthTokenManager
is undefined behavior.AuthTokenManager
s (and consequentially provider functions passed toAuthTokenManagers.ExpirationBased
) must not interact with the driver in any way as this can cause deadlocks and undefined behavior.2) Session Auth
For the purpose of switching users,
Session
s can be configured with a static auth token. This is very similar to impersonation in that all work in the session will be executed in the security context of the user associated with the auth token. The major difference is that impersonation does not require or verify authentication information of the target user, however it requires the impersonating user to have the permission to impersonate.Note
This requires Bolt protocol version 5.1 or higher (Neo4j DBMS 5.6+).
Feedback wanted
This new API is currently marked as preview. What it means is that we are eagerly waiting for your feedback. Does it work well in your scenario? Do you wish there was more?
Let us know so we can correct course in the next releases!
Beta Was this translation helpful? Give feedback.
All reactions