plynx-team / plynx

PLynx is a domain agnostic platform for managing reproducible experiments and data-oriented workflows.
https://plynx.com
Apache License 2.0
304 stars 38 forks source link

Will you support Auth through LDAP, AzureAD or Oauth2? #78

Open thoth291 opened 4 years ago

thoth291 commented 4 years ago

This is really really nice looking project. Kudos for all the work you did so far! Really impressive!

Only secret key based auth seems to be not enough to cover integration into existing infrastructure. Is there any plans for more mature auth methods?

khaxis commented 4 years ago

Hi Anar,

Thanks for feedback! Yes, we've been thinking a lot about it. Actually this PR is a step towards it: https://github.com/plynx-team/plynx/pull/74. This is where we will start manage users (everyone was admin before).

@Houjio has suggested using JWT recently. Also I've heard other requests too.

Current auth method is pretty basic and works fine for current scale, but there will be a need soon to extend it for sure. Is there a use case you have in mind? That would be really helpful to make decisions and prioritize the workflow.

For example, we are covering a single scenario: plynx is hosted on clients side, and an admin creates accounts. Or some variations of it. Are you suggesting to authorize with azure or github account to existing plynx.com or internal service? I guess we should also support organizations in these platforms. Can we rely on VPN for security? Is it for internal or external users?

Thanks!

thoth291 commented 4 years ago

Hi, @khaxis .

In addition to the ones listed by you and specified in the title of this issue I would say that having gitlab and jupyterhub as an option would be extremely handy. Especially gitlab - which supports many auth methods - so we can use it as authorization server.

I would say that we would be interested only internal service, since the codes we will run are not public. And only for internal users. I noticed that roles are now better supported - so update on this issue would be much appreciated.