Add support for SCRAM-SHA-256 authentication.#437
Conversation
78fcf00 to
c402a27
Compare
|
OK, after a couple of tries through the full test suite, all the tests are now passing (most of the adjustments were around making the code Python 3.5 compatible). Open to feedback. Thanks! |
elprans
left a comment
There was a problem hiding this comment.
Good work! Please address the review comments. Thanks!
| self._push_result() | ||
|
|
||
| elif self.auth_msg is not None: | ||
| # First, need to determine if this is |
|
@elprans Thanks for the review! I've made all the requested changes. For the implementation of SASLPrep I followed along the C implementation as while the docs are great, I figured this is the authority. It also looks like one of the tests failed due to a momentary DNS issue with Github: https://ci.appveyor.com/project/MagicStack/asyncpg/builds/24236176/job/i0xdab9iw4knis1x |
|
One last thing: please move |
SCRAM-SHA-256 authentication was introduced in PostgreSQL 10 as a better way for handling password based authentication. This implementation follows the guidance provided in the documentation, i.e. https://www.postgresql.org/docs/current/sasl-authentication.html#SASL-SCRAM-SHA-256
|
@elprans Agreed; I have broken it out into a separate file. Thanks! |
|
Merged. Thanks! |
|
Awesome, thanks for working on this with me @elprans! |
SCRAM-SHA-256 authentication was introduced in PostgreSQL 10 as a better way
for handling password based authentication.
This implementation follows the guidance provided in the documentation, i.e.
https://www.postgresql.org/docs/current/sasl-authentication.html#SASL-SCRAM-SHA-256
A detailed, high-level explanation for how it works is provided in the definition for the SCRAMAuthentication class.
This implementation does not support channel binding (added in PostgreSQL 11) as there is still some ongoing discussion in the community for how it should be handled.
This should satisfy the requirements for #314