Authc: Local users and sessions (proposal required, deferred)

[jihuayu]

Status

This issue is proposal-first and currently deferred.

Based on the maintainer discussion, third-party login should be considered before local controller-managed users. Local users should be treated as a possible fallback or lightweight testing feature after the first authentication direction is agreed.

Goal

Explore whether and how Kvrocks Controller should support controller-managed local users and sessions.

This issue is intentionally not a ready-to-code implementation plan. Contributors should design the approach first.

Proposal Required

Before opening an implementation PR, please post a proposal in this issue and wait for maintainer agreement.

The proposal should cover at least:

• Why local users are needed and how they coexist with third-party login or gateway authentication.
• The intended user model and role model at a high level.
• The session or token model, including storage and expiration behavior across controller instances.
• The expected API and Web UI surface.
• Configuration changes and backward compatibility when authentication is disabled.
• Security considerations and the planned test coverage.

Notes

Local users, if accepted, are intended for testing and lightweight development use unless maintainers agree on a broader production scope.

Detailed implementation steps should be proposed by the contributor and reviewed by maintainers before development starts.

[git-hulk]

@jihuayu, could we first support third-party logins like GitHub/Gmail and then allow using Casbin for RBAC?

[jihuayu]

@git-hulk Do we still need to implement local user accounts? Or implement local users after third-party login?

[git-hulk]

@git-hulk Do we still need to implement local user accounts? Or implement local users after third-party login?

Perhaps we can implement local users after third-party login.

[jihuayu]

@git-hulk For GitHub and Google OAuth, we need to restrict login domains. I plan to restrict Google logins by email domain and GitHub by organization. However, how should we map these users to roles in our controllers (e.g., Super Admin, Regular User, NS Admin)? It seems there isn't any built-in metadata for roles.

[git-hulk]

For GitHub and Google OAuth, we need to restrict login domains. I plan to restrict Google logins by email domain and GitHub by organization.

Great, it's a nice-to-have feature for the security consideration.

However, how should we map these users to roles in our controllers (e.g., Super Admin, Regular User, NS Admin)? It seems there isn't any built-in metadata for roles.

The simple way is to only allow roles like admin / editor / viewer?

[jihuayu]

@git-hulk What I want to know is, how do we map GitHub users to these roles? Do we authorize them one by one in the controller?

[git-hulk]

@git-hulk What I want to know is, how do we map GitHub users to these roles? Do we authorize them one by one in the controller?

We don't automatically map roles for users; we can use GitHub for authentication only, and the owner maintains user roles.