Skip to content

SQL-65: Add password authentication to HTTP/WS server for OIDC#35185

Open
SangJunBak wants to merge 1 commit intoMaterializeInc:mainfrom
SangJunBak:jun/implement-http-ws-oidc
Open

SQL-65: Add password authentication to HTTP/WS server for OIDC#35185
SangJunBak wants to merge 1 commit intoMaterializeInc:mainfrom
SangJunBak:jun/implement-http-ws-oidc

Conversation

@SangJunBak
Copy link
Contributor

@SangJunBak SangJunBak commented Feb 24, 2026
edited
Loading

Stacked off #34891

Motivation

Closes sql-65

Description

Adds password authentication to HTTP/WS server for OIDC authentication

Verification

Created tests for fallback

@github-actions
Copy link

github-actions bot commented Feb 24, 2026

Thanks for opening this PR! Here are a few tips to help make the review process smooth for everyone.

PR title guidelines

  • Use imperative mood: "Fix X" not "Fixed X" or "Fixes X"
  • Be specific: "Fix panic in catalog sync when controller restarts" not "Fix bug" or "Update catalog code"
  • Prefix with area if helpful: compute: , storage: , adapter: , sql:

Pre-merge checklist

  • The PR title is descriptive and will make sense in the git log.
  • This PR has adequate test coverage / QA involvement has been duly considered. (trigger-ci for additional test/nightly runs)
  • If this PR includes major user-facing behavior changes, I have pinged the relevant PM to schedule a changelog post.
  • This PR has an associated up-to-date design doc, is a design doc (template), or is sufficiently small to not require a design.
  • If this PR evolves an existing $T ⇔ Proto$T mapping (possibly in a backwards-incompatible way), then it is tagged with a T-proto label.
  • If this PR will require changes to cloud orchestration or tests, there is a companion cloud PR to account for those changes that is tagged with the release-blocker label (example).

@SangJunBak SangJunBak force-pushed the jun/implement-http-ws-oidc branch 3 times, most recently from 5d3b256 to 246b641 Compare February 24, 2026 09:31
@SangJunBak SangJunBak marked this pull request as ready for review February 24, 2026 09:33
@SangJunBak SangJunBak requested a review from a team as a code owner February 24, 2026 09:33
@SangJunBak SangJunBak requested review from ggevay and teskje and removed request for ggevay February 24, 2026 09:33
@SangJunBak SangJunBak enabled auto-merge (squash) February 25, 2026 15:13
@SangJunBak SangJunBak disabled auto-merge February 25, 2026 15:13
@SangJunBak
adapter: reduce authenticator channels to frontegg and oidc only
d4b5928 
Replace the four per-kind oneshot channels (frontegg, password, oidc,
none) with just two — frontegg (optional) and oidc — since Password,
Sasl, and None authenticators don't require async initialization.
Introduce `get_authenticator` in http.rs to select the authenticator
at request time based on AuthenticatorKind and credentials, falling
back to Authenticator::Password for OIDC when password credentials
are presented.
@SangJunBak SangJunBak force-pushed the jun/implement-http-ws-oidc branch from 246b641 to d4b5928 Compare February 26, 2026 00:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@teskje teskje Awaiting requested review from teskje

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@SangJunBak