villebro commented on PR #27631: URL: https://github.com/apache/superset/pull/27631#issuecomment-2025808118
@betodealmeida the two layer approach would likely solve the main blocking painpoints. However, there's still some issues with this approach: - In our use case, users that create new database connections don't tend to have access to the client details (these are created by another process). Requiring them to enter the client secrets is problematic from a governance perspective. - We have lots of database connections referencing the same client. If the client needed to be changed, one would need to manually update each database entry manually. If we had a separate model for clients, updating the client entity would automatically apply to all databases that leverage it. For this reason, this really feels more like a foreign key, rather than a property on the Database model. If we'd have regular API endpoints for the OAuth client resources, it should be possible to make sure that only the correct parties are able to CRUD them, solving the access problem. While this approach (=foreign key in the database entity to the client entity) would create an additional step for Cloud based databases, where one has to choose which client to use as opposed to that being automatically selected, I don't see this as a big issue. We could even define which specs a client is valid for, and if only a single client exists for a particular spec, that would be autoselected when enabling OAuth2 in the db modal. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For additional commands, e-mail: notifications-h...@superset.apache.org
