Introducing support for external user identity / authentication management #1929

Closed
JonathanGiles opened this issue Dec 8, 2021 · 3 comments
Labels
status: duplicate A duplicate of another issue
Comments

@JonathanGiles

JonathanGiles commented Dec 8, 2021

Hello all!

I am interested in opening a discussion related to introducing functionality to Lettuce to simplify user identity and authentication management. Ideally, we would discuss the ability to introduce a service-agnostic API that enables users to make better use of service-specific functionality in a pluggable fashion. For example, Microsoft could introduce a library that works with this API to provide better support for Azure Active Directory (in a separate project, to avoid Lettuce having cloud-specific code in it). This would enable developers to have a richer experience, in that they may be able to delegate the connection to AAD to this library, and this library may then continue to maintain the credentials, including updating them when they are rolled or time out.

It may be the case that such functionality already exists (and if so, this issue can be closed!), but if not, I would appreciate the opportunity to open a dialogue to discuss a potential future contribution to enable this. This contribution, as mentioned above, would be from Microsoft with your expert guidance to ensure it meets your expectations, and would be provided in a service-agnostic fashion.

Thanks for your consideration.

@JonathanGiles
Author

This may be duplicative of #1774 and the PR at #1916 - I will review these and get back to you!

@mp911de mp911de added the type: feature A new feature label Dec 8, 2021
@mp911de
Collaborator

mp911de commented Dec 8, 2021

#1916 introduces a Supplier-based API assuming that the Supplier can materialize credentials without blocking the authentication flow.

A potentially remote credential provider introduces either the need for pre-obtaining credentials and rotating these in the background or a mechanism to provide these through a non-blocking API (through a future or a Publisher).

We can provide an API so that external libraries can provide authentication details; we do want to remain free of any cloud vendor-specific code.
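
The first option described in the comment above (pre-obtaining credentials and rotating them in the background, so that a `Supplier` never blocks the authentication flow), as an added example that is not part of this thread and not Lettuce code. `RotatingCredentials`, `Token` and `remoteFetch` are hypothetical names; the sketch assumes Java 16+ and a caller-supplied blocking fetch against the identity provider.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.function.Supplier;

// Added illustration; all names are hypothetical, not Lettuce or Azure APIs. Requires Java 16+.
public final class RotatingCredentials implements Supplier<RotatingCredentials.Token>, AutoCloseable {
    public record Token(String username, char[] secret, Instant expiresAt) {}
    private final Supplier<Token> remoteFetch;  // blocking call to the identity provider (assumed)
    private final Duration refreshMargin;       // renew this long before expiry
    private final Duration retryDelay;          // wait after a failed refresh; also the minimum delay
    private final ScheduledExecutorService scheduler = Executors.newSingleThreadScheduledExecutor(
            r -> { Thread t = new Thread(r, "credential-refresh"); t.setDaemon(true); return t; });
    private volatile Token current;

    public RotatingCredentials(Supplier<Token> remoteFetch, Duration refreshMargin, Duration retryDelay) {
        this.remoteFetch = remoteFetch;
        this.refreshMargin = refreshMargin;
        this.retryDelay = retryDelay;
        this.current = remoteFetch.get();       // pre-obtain once, before any connection needs it
        schedule(untilRefresh(current));
    }

    // Authentication path: returns the cached value, never performs I/O.
    @Override public Token get() {
        Token t = current;
        if (!Instant.now().isBefore(t.expiresAt())) // fail closed instead of sending a stale secret
            throw new IllegalStateException("credentials expired and no refresh has succeeded");
        return t;
    }
    private void refresh() {
        Duration next = retryDelay;
        try {
            current = remoteFetch.get();        // blocking is acceptable on the background thread
            next = untilRefresh(current);
        } catch (RuntimeException e) {
            // keep serving the old token until it expires; retry after retryDelay
        }
        if (!scheduler.isShutdown()) schedule(next);
    }
    private Duration untilRefresh(Token t) {
        Duration d = Duration.between(Instant.now(), t.expiresAt()).minus(refreshMargin);
        return d.compareTo(retryDelay) < 0 ? retryDelay : d;  // never spin faster than retryDelay
    }
    private void schedule(Duration d) { scheduler.schedule(this::refresh, d.toMillis(), TimeUnit.MILLISECONDS); }
    @Override public void close() { scheduler.shutdownNow(); }
}
```

If the identity provider stays unreachable past `expiresAt`, `get()` throws rather than handing out an expired secret, so new connections fail visibly instead of authenticating with stale credentials.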

@mp911de mp911de added this to the 6.2.0 milestone Mar 10, 2022
@mp911de mp911de added the status: duplicate A duplicate of another issue label Mar 10, 2022
@mp911de
Collaborator

mp911de commented Mar 10, 2022

Closing this issue as a duplicate of #1916 with a few refinements.

@mp911de mp911de closed this as completed Mar 10, 2022
@mp911de mp911de removed the type: feature A new feature label Mar 10, 2022