trinodb / trino

Official repository of Trino, the distributed SQL query engine for big data, formerly known as PrestoSQL (https://trino.io)
Apache License 2.0

Add JWT claims as extra credentials #22943

Open raj-manvar opened 2 months ago

raj-manvar commented 2 months ago

The idea was originally suggested by @dain at https://github.com/trinodb/trino/issues/4244#issuecomment-678463292

Adding the JWT claims to the extraCredentials field will allow the access control plugin to add access checks based on custom JWT claims or a combination of claims, add JTI invalidations, etc.

Relevant issues: https://github.com/trinodb/trino/issues/4244 https://github.com/trinodb/trino/issues/4767

StephenOTT commented 2 months ago

@raj-manvar this reminds me of a similar feature, and a blocking point that I ran into: https://github.com/trinodb/trino/issues/16539

Impersonation creates various issues for adding access control data into the auth process.