Allow password to take in a generator/callback to support temporary passwords that must be refreshed. #2779

Closed
bgoodman1695 opened this issue Jun 13, 2024 · 3 comments

@bgoodman1695

Motivation

Use case

Recently AWS introduced an option to connect to ElastiCache instances that are running Redis 7+, using IAM authentication: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/auth-iam.html

This poses a problem for the typical static password property, e.g. you might write ElastiCache/Redis client code with node-redis like:

```javascript
import { createClient } from "redis";

const authToken = await generateIAMAuthToken(...);

const client = createClient({
  // ...
  password: authToken,
  // ^ This token will expire in 15 minutes, and the connection will automatically be disconnected after 12 hours!
  //   This forces consumers of the package to implement their own method to manually re-create a client & re-establish a valid connection with a new, valid password before expiry.
});
```

Proposed Solution

It would be useful if createClient could take in a callback for the password option, that may be invoked on reconnect attempts to properly refresh/regenerate a password in such scenarios where the password may be referring to a temporary auth string that must be refreshed on a TTL.

```javascript
import { createClient } from "redis";

const client = createClient({
  // ...
  password: async () => generateIAMAuthToken(...),
  // node-redis client should leverage this callback to regenerate a valid password on client disconnect.
  // perhaps include a TTL option to also detect when reusing existing auth may be valid before regenerating?
});
```

Basic Code Example

No response

@devonhumes

+1, this is supported in other language clients like Go and Java. In addition to the AWS-specific authentication, this provides more flexibility in how credentials are provided in an application.

@leibale
Collaborator

leibale commented Jun 14, 2024

Duplicate of #821.
It's on our roadmap, but no one has started implementing it yet.
You can use the workaround suggested in #821 (comment) in the meantime.

Edit: BTW, do you think we should do it for password only or the whole configuration object?

@leibale closed this as completed Jun 14, 2024
@leibale closed this as not planned Jun 14, 2024
@devonhumes

I would lean towards the credentials (i.e. user / password) like other client implementations.
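
An added example, not part of the original thread and not node-redis code: a credentials provider that caches a short-lived token, refreshes it shortly before the TTL runs out, and collapses concurrent refreshes into one call. `createCredentialsProvider`, `generateToken`, `ttlMs`, `skewMs` and `now` are hypothetical names; the idea is to call the returned function each time a client is created or re-created and pass its `username`/`password` to `createClient`.

```javascript
// Added example: TTL-aware credentials cache for short-lived auth tokens.
// All names here are hypothetical; generateToken stands in for the IAM token generator.
function createCredentialsProvider({ username, generateToken, ttlMs, skewMs = 60_000, now = Date.now }) {
  if (skewMs >= ttlMs) throw new RangeError("skewMs must be smaller than ttlMs");
  let cached = null;   // { password, expiresAt }
  let inFlight = null; // shared promise while a refresh is running

  return async function getCredentials() {
    // Reuse the token while it is still comfortably inside its lifetime.
    if (cached && now() < cached.expiresAt - skewMs) {
      return { username, password: cached.password };
    }
    // Collapse concurrent callers (e.g. several reconnect attempts) into one refresh.
    if (!inFlight) {
      const issuedAt = now();
      inFlight = Promise.resolve()
        .then(() => generateToken())
        .then((password) => {
          if (typeof password !== "string" || password.length === 0) {
            throw new TypeError("generateToken must return a non-empty string");
          }
          cached = { password, expiresAt: issuedAt + ttlMs };
          return cached;
        })
        .finally(() => { inFlight = null; }); // a failed refresh is never cached
    }
    const { password } = await inFlight;
    return { username, password };
  };
}

// Constructed demo: fake token generator and manual clock, no network or Redis needed.
async function demo() {
  let clock = 0, calls = 0;
  const getCredentials = createCredentialsProvider({
    username: "app-user",                 // constructed sample value
    generateToken: async () => `token-${++calls}`,
    ttlMs: 15 * 60_000,                   // 15 minute token lifetime, as in the issue
    now: () => clock,
  });
  const [a, b] = await Promise.all([getCredentials(), getCredentials()]);
  clock = 13 * 60_000;                    // still outside the 1 minute skew window
  const c = await getCredentials();
  clock = 14 * 60_000 + 1;                // inside the skew window: refresh
  const d = await getCredentials();
  return { passwords: [a.password, b.password, c.password, d.password], calls };
}
```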
