Remove redundant call to _authenticate API after access token is created #80952

Closed
azasypkin opened this issue Oct 19, 2020 · 7 comments · Fixed by #82980
Labels
blocker Feature:Security/Authentication Platform Security - Authentication good first issue low hanging fruit low hanging fruit DO NOT USE. Use `good first issue` instead Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! v8.0.0

Comments

@azasypkin
Member

Since elastic/elasticsearch#59685 is resolved now (7.11.0+), we can proceed and remove redundant _authenticate calls after we create any kind of access token (Token/SAML/OIDC/Kerberos/PKI). That would improve login performance and make the code simpler overall.

@azasypkin azasypkin added good first issue low hanging fruit Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! Feature:Security/Authentication Platform Security - Authentication low hanging fruit DO NOT USE. Use `good first issue` instead labels Oct 19, 2020
@elasticmachine
Contributor

Pinging @elastic/kibana-security (Team:Security)

@gorogoroumaru

Let me try to work on this issue.

@azasypkin
Member Author

> Let me try to work on this issue.

Great! Let me know if you get stuck anywhere. These are likely the places you'll need to update/simplify:

Jest tests may be a bit tricky, but we can sort them out once you get to them.

@gorogoroumaru

Hello, @azasypkin!
I don't understand how to check if we have already created any kind of access token.
Could you explain?

@azasypkin
Member Author

> Hello, @azasypkin!
> I don't understand how to check if we have already created any kind of access token.
> Could you explain?

Let's take the Token provider as an example: the response for this call already includes all required user information (see the authentication field in the response; here is the underlying API), which means you don't need to call getUser (based on this API internally) afterwards.

I'd suggest you call these APIs manually and see what they return. I believe it should make it clearer where you can eliminate unnecessary calls.
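
The point made in the comment above, sketched as an added example that is not part of the original thread and is not Kibana's code: a login helper reads the user from the `authentication` field of the token response and only falls back to `_authenticate` when that field is missing. The `Transport` type, `makeStub` and all sample values are constructed assumptions; the two Elasticsearch paths are the token and authenticate APIs the issue refers to.

```typescript
// Added illustration, not Kibana code. `Transport` and `makeStub` are hypothetical.
interface AuthenticatedUser { username: string; roles: string[] }
interface TokenResponse {
  access_token: string;
  refresh_token: string;
  authentication?: AuthenticatedUser; // returned by Elasticsearch 7.11.0+
}
interface Req { method: string; path: string; body?: object; headers?: Record<string, string> }
type Transport = (req: Req) => Promise<unknown>;

// Take the user from the token response; treat a malformed object as absent
// rather than trusting partial identity data.
function userFromTokenResponse(res: TokenResponse): AuthenticatedUser | undefined {
  const auth = res.authentication;
  if (!auth || typeof auth.username !== 'string' || !Array.isArray(auth.roles)) return undefined;
  return { username: auth.username, roles: [...auth.roles] };
}

async function loginWithPassword(request: Transport, username: string, password: string) {
  const res = (await request({
    method: 'POST',
    path: '/_security/oauth2/token',
    body: { grant_type: 'password', username, password },
  })) as TokenResponse;
  // Fall back to the extra round trip only when the response lacks the user.
  const user = userFromTokenResponse(res) ?? ((await request({
    method: 'GET',
    path: '/_security/_authenticate',
    headers: { authorization: `Bearer ${res.access_token}` },
  })) as AuthenticatedUser);
  return { accessToken: res.access_token, refreshToken: res.refresh_token, user };
}

// Constructed stub standing in for Elasticsearch; records each requested path.
function makeStub(includeAuthentication: boolean) {
  const calls: string[] = [];
  const user: AuthenticatedUser = { username: 'jdoe', roles: ['viewer'] };
  const request: Transport = async ({ path }) => {
    calls.push(path);
    if (path === '/_security/_authenticate') return user;
    const token = { access_token: 'constructed-access', refresh_token: 'constructed-refresh' };
    return includeAuthentication ? { ...token, authentication: user } : token;
  };
  return { request, calls };
}
```

With `makeStub(true)` the recorded `calls` contain only the token request; with `makeStub(false)` the `_authenticate` request follows it.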

@azasypkin
Member Author

Hey @gorogoroumaru ,

I'm going to pick this issue up soon since it's an improvement we'd like to include in the next minor release. But let me know if you're already working on it and planning to come up with a PR any time soon.

If you don't have time or interest anymore, that's totally fine, feel free to observe the linked PR then. That can be useful for you anyway if you're going to contribute to Kibana in the future.

@gorogoroumaru

I’m sorry @azasypkin.
I had a lot of trouble setting up the development environment and understanding how to use the authentication APIs.
I will observe the PR and study for a later contribution.
