Comments (13)
Yes, all store implementations are abstracted and it should be possible to implement other store backends. I would, however, not recommend using a NoSQL / non-ACID solution for your auth* services.
RethinkDB, like probably all NoSQL databases, is not ACID compliant. Let's say you revoke a token. Without ACID compliance, the token will be revoked some time in the future. An attacker owning the revoked token would therefore still have access, although access has been revoked, until RethinkDB has propagated the changes across the cluster.
from hydra.
If you want to use RethinkDB anyways (e.g. no need for uber-security) there are different stores that need to be implemented for this. For example:
- https://github.com/ory-am/hydra/blob/master/account/storage.go
- https://github.com/ory-am/hydra/blob/master/oauth/provider/storage/storage.go
I think most of them are pretty straightforward; you can always take a look at the postgres implementations if you want to.
If you need any help implementing or if you want to try things out feel free to ask me here or on our gitter channel: https://gitter.im/ory-am/hydra?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge
You can also play around with dockertest for RethinkDB integration tests :)
from hydra.
Thanks for the feedback.
From https://www.rethinkdb.com/docs/architecture/:
Write atomicity is supported on a per-document basis – updates to a single JSON document are guaranteed to be atomic. RethinkDB is different from other NoSQL systems in that atomic document updates aren’t limited to a small subset of possible operations – any combination of operations that can be performed on a single document is guaranteed to update the document atomically.
It may be that this scope of atomicity is enough, but until I dig through the DAL / CRUD in the code I can't say.
It all comes down to how relational your design is. If it's not too much, it's possible to scope everything to a single JSON doc for atomic reasons.
from hydra.
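The trade-off discussed in the comments above, as an added example that is not part of the original thread and is neither Hydra nor RethinkDB code: a constructed in-memory model where revoking a token is an atomic update of one document on the primary, while a replica stays stale until `Replicate` runs. `Store`, `Revoke`, `Replicate`, `Active`, the node constants and the token ID are hypothetical names.

```go
package main

import (
	"fmt"
	"sync"
)

const Primary, Replica = 0, 1 // node indexes; writes land on Primary first

// Store is a constructed model (not Hydra or RethinkDB code): token ID -> revoked flag per node.
type Store struct {
	mu    sync.Mutex
	nodes [2]map[string]bool
}

func NewStore(id string) *Store { return &Store{nodes: [2]map[string]bool{{id: false}, {id: false}}} }

// Revoke is an atomic single-document update; true only for the call that flipped the flag.
func (s *Store) Revoke(id string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	if revoked, ok := s.nodes[Primary][id]; !ok || revoked {
		return false
	}
	s.nodes[Primary][id] = true
	return true
}

// Replicate models the delayed propagation of writes to the replica.
func (s *Store) Replicate() {
	s.mu.Lock()
	defer s.mu.Unlock()
	for id, revoked := range s.nodes[Primary] {
		s.nodes[Replica][id] = revoked
	}
}

// Active validates a token against the chosen node; unknown tokens are rejected.
func (s *Store) Active(id string, node int) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	revoked, ok := s.nodes[node][id]
	return ok && !revoked
}

func main() {
	s := NewStore("tok-1") // constructed token ID
	fmt.Println(s.Revoke("tok-1"), s.Active("tok-1", Replica), s.Active("tok-1", Primary))
}
```

Validating against the primary closes the window immediately; validating against the replica keeps the revoked token usable until propagation completes.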
Hey yep you're absolutely right. I was a little in a hurry and did not read up on everything, sorry for that :)
Atomicity is already one step in the right direction. If you don't manage an uber RethinkDB cluster, it should be a viable storage solution for Hydra. Osin (the OAuth2 library behind Hydra) actually already supports a RethinkDB: https://github.com/ahmet/osin-rethinkdb
You could play around with osin and osin-rethinkdb to get things started. Once that works it shouldn't be hard to get RethinkDB working for Hydra.
from hydra.
It's OK.
Nice. Good idea. Will take a crack at it tomorrow.
But I need all that hydra has, so will have to bite the bullet.
Cheers
from hydra.
I'm pro for adding RethinkDB. If you haven't already started working on it, I'll take a bite at it tomorrow. We use RethinkDB in our service backend and have so far not had any problems with atomicity, like pushing changes through the clusters immediately.
from hydra.
Update on this: 40% done last night. Will finish after work tonight.
from hydra.
You rock!
from hydra.
Hey Alexander. I never got time to do this, so thanks for this. I will be able to help beta test for sure and contribute back, I hope.
from hydra.
So, I didn't finish this today, but most certainly will tomorrow. I only have one function left in ladon (TestFindPoliciesForSubject) to implement, but since that function is quite harsh to overview, I'll finish this tomorrow instead so I can get some sleep tonight ;)
@arekkas I think it's time to add RethinkDB support to dockertest as well. Right now all tests for RethinkDB are done locally instead of run in a container.
from hydra.
Ok, I think I'm done now :) Will need some live testing (how the heck do I do that now?) and some smaller polishing bits, but at least hydra starts and sets up all tables without giving any errors!! YAY!
from hydra.
good stuff! :)
from hydra.
If you can push and merge I can try it out on Monday
from hydra.