Hi, bro
  I have taken a look at your pull request. For your implementation, I have
some different ideas.
  1.  The current implementation is using RSA to encrypt; this seems a little
heavy for an internal scheduling system.
       But it's useful from another point of view: the highest security for a
system is preferred. So what we should do is to make JWT configurable.
  2.  With your implementation, the user has to set up a central authentication
node for authenticating the JWT, which does not look like a nice way.
       Can we authenticate this by the process server via MySQL? The public
key, username and password are all stored in MySQL.
  3.  How about supporting a simple JWT secret key?
       DS is using JWT for clustered api-server authentication, like SSO.

       Scenario: User1 logs in on N1 and later sends a request to N2, but N2
has no session for user1. The cookie has the JWT, so N2 validates the JWT to
check whether user1 has logged in.

On Wed, Dec 18, 2019 at 8:06 PM Elon Lo <[email protected]> wrote:

> Hi, all
> I have implemented the JWT method for user authentication verification. Who
> can help review this PR?
> PR address: https://github.com/apache/incubator-dolphinscheduler/pull/1502
