Support for custom auth providers

[downsider]

My company are investigating a migration from our self hosted Cassandra instances to AWS Keyspaces, which is touted as a drop in replacement for Cassandra

We have hit a problem with authentication, whereby either we have to use credentials for a "service account" IAM user (which our InfoSec team highly frown upon, for reasons) or use temporary token passwords (similar to access tokens used in OAuth) generated via Sigv4. The process for using Sigv4 requires us to inject a custom header containing the signed token into the request, so that AWS can validate the request is genuine

Would it be possible to add support for custom auth providers into the driver please, so we can implement and use the more secure auth Sigv4 authentication method?

The python implementation of this can be found here: https://github.com/aws/aws-sigv4-auth-cassandra-python-driver-plugin and the API it uses: https://docs.datastax.com/en/developer/python-driver/3.24/api/cassandra/auth/#cassandra.auth.AuthProvider.

We would be looking for a similar API, so this could also potentially be used with SASL or any other compatible authentication mechanism

[CodeLieutenant]

Seems ti be possible to add, but requires quite a bit of work. Since I am the only maintainer and not working full time on driver maintainence, this will be quite low on the priority list.

We are using self hosted ScyllaDB in production and basic auth is fine, if your company need other forms of authentication, you can submit pull request.

[downsider]

Thanks for your reply

Yeah, I thought that might be the case; figured it was worth asking anyway.

Unfortunately, my company has little experience writing C, even less writing PHP extensions, so we probably wouldn't be much help. I think the best we can do here is mark it as a feature request and you get around to it when you have time

Thanks for looking anyway

[CodeLieutenant]

I will try my best to deliver this feature, but no promises, if it lands it will be in 2.x version