Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-39269

Test and document standard MariaDB auth approaches for JWT, OAuth 2.0, & OIDC

    XMLWordPrintable

Details

    • Task
    • Status: Open (View Workflow)
    • Major
    • Resolution: Unresolved
    • None
    • None
    • None

    Description

      *Description:*

      User Story:
      As a developer,
      I want to evaluate and test the standard, already-available approaches for configuring MariaDB with modern authentication (JWT, OAuth 2.0, OIDC), so that the Docs team has accurate, real-world examples and technical details to write our official configuration guides.

      Context:
      To help DBAs modernize database security, we need to document how to leverage existing, standard methods (such as PAM modules, proxies, or standard enterprise plugins) to authenticate MariaDB using JSON Web Tokens (JWT), OAuth 2.0, and OpenID Connect (OIDC). Before the Docs team can create the tutorials, a developer needs to implement these existing approaches in a test environment and capture the exact configurations and workflows required.

      Tasks (Test & Record):
      Spin up a test environment using standard available tools/plugins and document your findings for the following scenarios:

      • Identify & Test: Confirm the best standard approaches for handling JWT, OAuth 2.0, and OIDC in MariaDB, and test the connection workflows for each.
      • IDP Integration: Configure and test OIDC/OAuth 2.0 integrations with at least one major provider (e.g., Google, GitHub, AWS Cognito, or Azure AD).
      • User Mapping: Document exactly how token claims (e.g., email or user IDs from the identity provider) are mapped to MariaDB internal user accounts in these setups.
      • Configuration & SQL: Record all necessary OS-level configs, plugin installations, system variables, and SQL commands needed to enable and manage these methods.
      • Error Handling: Intentionally trigger failures (invalid tokens, expired sessions, provider outages) and record how the system behaves and what errors are surfaced.

      Acceptance Criteria:

      • The developer has successfully configured and tested standard JWT, OAuth 2.0, and OIDC connection methods against a MariaDB instance.
      • A rough technical document (Confluence/Markdown) containing working setup steps, configuration files, SQL examples, and error behaviors is completed.
      • The technical document has been handed off to the Docs team for formal write-up.

      Attachments

        Activity

          People

            Unassigned Unassigned
            adamluciano Adam Luciano
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.