lasdf1234 opened a new issue, #11550: URL: https://github.com/apache/gravitino/issues/11550
## What would you like to be improved? Built-in IDP uses HTTP Basic authentication (`gravitino.authenticators` with `org.apache.gravitino.idp.auth.BasicAuthenticator`). The Gravitino server, Java/Python clients, and engine connectors can authenticate with username and password, but the Web UI (v1 and Web V2) does not provide a login form or session flow for this mode. The Web UI currently supports: - `simple` — username-only login when authorization is enabled, or direct access when authorization is disabled - `oauth` — OIDC/OAuth login flow Users enabling built-in IDP Basic auth may expect to sign in through the browser UI. Without documentation, this gap is easy to miss and leads to confusion or failed login attempts. ## How should we improve? Update IDP and Web UI documentation to state clearly that: 1. Built-in IDP Basic authentication is for REST APIs, clients, and engines — not the Web UI. 2. To use the Web UI with authentication, configure OAuth/OIDC (`gravitino.authenticators=oauth`) with an external identity provider, or use `simple` mode for development scenarios where the UI username-only flow is acceptable. Relevant docs: `docs/security/how-to-use-built-in-idp.md`, `docs/security/how-to-authenticate.md`, `docs/webui.md`, `docs/webui-v2.md`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
