Oauth2 Middleware scalability limit and resilience issues with code grant flow and token storage #2635

Open
@drewby

Description

Expected Behavior

Oauth2 Middleware should scale to multiple instances without the use of request affinity. It should also be resilient to restarts.

Actual Behavior

Oauth2 Middleware uses in-memory session state to store information during the auth code grant flow and to store the client token at the end of authorization. This requires requests to always return to the same instance of the dapr sidecar and offers no resilience in the case of a restart of the daprd instance.

Steps to Reproduce the Problem

For scale:

  1. Configure daprd with a scaled deployment, no affinity on ingress
  2. After authorization, make multiple requests
  3. Some requests will require new authentication

For resilience:

  1. Use Oauth2 component to authenticate
  2. Restart daprd
  3. Next request will require authorization

Proposals

  1. Use cookies instead of session state to store data during the auth code grant flow and to store the client token.
  2. Enable session state to be stored in a cache (Redis, etc.).

Release Note

RELEASE NOTE: FIX Oauth2 Middleware resilient storage of client token
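The first proposal above (keep the grant-flow state and the client token in the cookie rather than in process memory) is sketched below as an added example. It is not code from the Dapr project or from the issue author; the cookie name, the `AuthSession` shape and the AES-GCM sealing scheme are this editor's assumptions about how such a store could look. The point it demonstrates is the one the issue makes: a cookie sealed under a key shared by all replicas can be opened by a different replica, or by a restarted daprd, with no request affinity, while the client can neither read nor forge it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
)

// Hypothetical cookie name; the issue does not show the middleware's real one.
const cookieName = "oauth2-session"

// AuthSession is what must survive between requests: the anti-CSRF state
// during the code grant, then the client token once authorization completes.
type AuthSession struct {
	State string `json:"state,omitempty"`
	Token string `json:"token,omitempty"`
}

// CookieStore keeps the session inside the cookie itself, sealed with AES-GCM
// under a key shared by every replica: any replica, or a restarted one, can
// open it, while the client can neither read nor forge it. No per-process state.
type CookieStore struct{ aead cipher.AEAD }

func NewCookieStore(key []byte) (*CookieStore, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32 bytes, the same on every replica
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &CookieStore{aead: aead}, nil
}

// Seal returns the cookie to set for s: base64url(nonce || ciphertext || tag).
// The cookie name is bound in as associated data, so a value sealed for one
// cookie cannot be replayed under another.
func (c *CookieStore) Seal(s AuthSession) (*http.Cookie, error) {
	plain, err := json.Marshal(s)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	sealed := c.aead.Seal(nonce, nonce, plain, []byte(cookieName))
	// Lax, not Strict, so the top-level redirect back from the IdP still carries it.
	return &http.Cookie{Name: cookieName, Value: base64.RawURLEncoding.EncodeToString(sealed),
		Path: "/", HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode}, nil
}

// Open recovers the session from an incoming cookie, rejecting anything not
// sealed under the shared key or altered in transit.
func (c *CookieStore) Open(ck *http.Cookie) (AuthSession, error) {
	if ck == nil || ck.Name != cookieName {
		return AuthSession{}, errors.New("no session cookie")
	}
	raw, err := base64.RawURLEncoding.DecodeString(ck.Value)
	ns := c.aead.NonceSize()
	if err != nil || len(raw) < ns {
		return AuthSession{}, errors.New("malformed session cookie")
	}
	plain, err := c.aead.Open(nil, raw[:ns], raw[ns:], []byte(cookieName))
	if err != nil {
		return AuthSession{}, errors.New("session cookie failed authentication")
	}
	var s AuthSession
	if err := json.Unmarshal(plain, &s); err != nil {
		return AuthSession{}, err
	}
	return s, nil
}

// Roundtrip seals with one store instance and opens with another, which is what
// happens when the next request lands on a different replica or a restarted daprd.
func Roundtrip(first, second *CookieStore, s AuthSession) (AuthSession, error) {
	ck, err := first.Seal(s)
	if err != nil {
		return AuthSession{}, err
	}
	return second.Open(ck)
}

func main() {
	key := make([]byte, 32) // constructed here; in practice distributed via a secret store
	_, _ = rand.Read(key)
	a, _ := NewCookieStore(key)
	b, _ := NewCookieStore(key) // stands in for a second replica
	got, err := Roundtrip(a, b, AuthSession{Token: "constructed-token"})
	fmt.Println(got.Token, err)
}
```

Two caveats a practitioner would weigh before choosing this over the second proposal: browsers cap a single cookie at roughly 4 KB, so a large access token plus refresh token may not fit, and the sealing key has to be distributed to every replica and rotated without invalidating live sessions. The Redis variant keeps the opaque session id in the cookie and moves the `AuthSession` into the shared cache, which avoids both limits at the cost of a network dependency on every request.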

Metadata

Assignees

No one assigned

Labels

P1, kind/bug (Something isn't working), pinned (Issue does not get stale)
