troopa81
commented
3 months ago Would the proposal to abstract credential storage from @elpaso be studied or is it beyond the scope ?
Open nyalldawson opened 3 months ago
troopa81
commented
3 months ago Would the proposal to abstract credential storage from @elpaso be studied or is it beyond the scope ?
elpaso
commented
3 months ago @troopa81 I am going to submit a grant proposal for https://github.com/qgis/QGIS-Enhancement-Proposals/issues/248 which was originally designed with the server in mind but from an implementation perspective could be extended to desktop by using the same core API.
I am talking to @nyalldawson in order to consider if the two proposals could be joined into a single one. They are somewhat independent but it could be wise to consider them together when refactoring the auth system.
anitagraser
commented
3 months ago Thank you for submitting your proposal to the 2024 QGIS Grant Programme. The 2 week discussion period starts today. At the end of the discussion, the proposal author has to provide a 3-line pitch of their proposal for the voter information material. (For an example from last year check https://github.com/qgis/PSC/issues/58#issuecomment-1567892412)
QGIS Enhancement: Authentication system revision (v1.1)
Date 2024/03/14
Author Nyall Dawson (@nyalldawson)
Contact nyall.dawson@gmail.com
Version QGIS 3.X
Current situation
QGIS has an inbuilt secure store for user secrets, known as the "Authentication" system. The authentication framework is designed where secrets are stored in an encrypted sqlite database within the user's QGIS profile.
This database must be decrypted via a "master password" before secrets can either be read or stored in it by QGIS core or plugins. On some systems (linux, Windows) there is support for storing this master password within the user's operating system keychain/wallet, so that the user does not need to re-enter it when starting a new QGIS session. (Wallet storage is NOT currently available on Macos without user configuration tweaks, due to lack of notarization on the QGIS install. See https://github.com/qgis/QGIS/issues/46175).
Summary
This proposal is a companion to https://github.com/qgis/QGIS-Enhancement-Proposals/issues/278 -- in that proposal I described several incremental enhancements to the QGIS authentication framework, but the consensus from that proposal was that further research is required prior to making any changes.
Accordingly, this grant application involves a deeper research effort into the changes proposed in https://github.com/qgis/QGIS-Enhancement-Proposals/issues/278, and, ONLY if suitable, implementation of those proposals.
Please see further details and in depth discussion in https://github.com/qgis/QGIS-Enhancement-Proposals/issues/278
This proposal is a joint proposal with @elpaso to leverage a wider set of expertise.
Note that I am deliberately not linking https://github.com/qgis/QGIS-Enhancement-Proposals/issues/278 directly with the grant request, as we are NOT proposing https://github.com/qgis/QGIS-Enhancement-Proposals/issues/278 as the final outcome of the grant. Rather, the changes in https://github.com/qgis/QGIS-Enhancement-Proposals/issues/278 will only be implemented during the grant if they are deemed to be suitable and safe. If not, then the changes proposed in https://github.com/qgis/QGIS-Enhancement-Proposals/issues/278 will not be implemented (or may be only partly implemented).