diff --git a/docs/EnterpriseWebAuthFlow.png b/docs/EnterpriseWebAuthFlow.png deleted file mode 100644 index 73d26e23d6..0000000000 Binary files a/docs/EnterpriseWebAuthFlow.png and /dev/null differ diff --git a/docs/OSS_Auth_Flow.png b/docs/OSS_Auth_Flow.png deleted file mode 100644 index 7ddf4a8ed3..0000000000 Binary files a/docs/OSS_Auth_Flow.png and /dev/null differ diff --git a/docs/OauthStyleAuthentication.png b/docs/OauthStyleAuthentication.png new file mode 100644 index 0000000000..feafee6502 Binary files /dev/null and b/docs/OauthStyleAuthentication.png differ diff --git a/docs/Proposed_MrFusion_with_Bolt.png b/docs/Proposed_MrFusion_with_Bolt.png deleted file mode 100644 index 8de0667e21..0000000000 Binary files a/docs/Proposed_MrFusion_with_Bolt.png and /dev/null differ diff --git a/docs/auth.md b/docs/auth.md index 66f6a0576f..7729d0ec4f 100644 --- a/docs/auth.md +++ b/docs/auth.md 
@@ -1,30 +1,9 @@ -Originally Authored with Hackmd.io [Link](https://hackmd.io/CYBghgzATCCsCMBaAHGAZiRAWCsqIE4AjdRUZEYKCLMANmDCA===?both) +MrFusion with OAuth 2.0 (Github-style) -## Current Auth Flow -### With Enterprise Web +Originally Authored with Hackmd.io Link -Postgres is the source of truth for authorization credentials. -Plutonium only cares if the username is passed properly and signed. +OAuth 2.0 Style Authentication -_NOTE: JWT is never generated by the database. Influx OSS just checks that it is signed with the same secret._ -![enterprise sequence diagram](./EnterpriseWebAuthFlow.png) +Assumptions: The user has created an "OAuth Application" on Github to authenticate against. -### With OSS Flow - -In this example, I have the shared secret in a file on my Terminal. - -_NOTE: JWT is never generated by the database. Influx OSS just checks that it is signed with the same secret._ -![OSS Auth sequence diagram](./OSS_Auth_Flow.png) - -## Desired Auth Flow with Mr Fusion using Bolt. - -This describes what we'd like to see. And [here](https://gist.github.com/kfitzpatrick/bf4c178876be5aa0b7ae069707b4528e) is a quick reference implementation. - -_NOTE: Bolt might initially be replaced with a flat file. Obviously, we'd like to ship with Bolt. After that the plan is to be able to store in other system such as Influx, etcd, etc…_ -![MrFusion auth sequence diagram](./Proposed_MrFusion_with_Bolt.png) - -## Notes: - -* How do we keep the Data Source passwords safe? - * Salt & Hash. - * For v1 we'll use the same salting method as Pu +![oauth 2.0 flow](./OauthStyleAuthentication.png)
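Review bot: the docs/auth.md hunk deletes the "Notes" section ("How do we keep the Data Source passwords safe?", "Salt & Hash") and both "JWT is never generated by the database" notes, and nothing in the added lines replaces them. The credential-storage and token-signing decisions are therefore no longer recorded in the lines shown. If they still hold under the OAuth 2.0 flow, keep the Notes section below the new diagram; if they do not, add a sentence saying what supersedes them. The added text also consists of a single assumption plus an image, so the flow itself lives only in OauthStyleAuthentication.png. A short written list of the steps (where the Github OAuth Application's credentials are configured, what MrFusion issues to the user once Github has authenticated them) would make the document reviewable and diffable. Style: the new lines "MrFusion with OAuth 2.0 (Github-style)" and "OAuth 2.0 Style Authentication" have no `#` heading markers, unlike the `##` headings they replace, and "Originally Authored with Hackmd.io Link" has lost its link target.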