> So the problem is that the Proxy is not requesting a refresh ? It should be the proxy client.
Zixuan Enrico Olivelli <eolive...@gmail.com> 于2022年8月17日周三 23:35写道: > So the problem is that the Proxy is not requesting a refresh ? > > Enrico > > Il giorno mer 17 ago 2022 alle ore 16:26 Zixuan Liu > <node...@gmail.com> ha scritto: > > > > Thank @Qiang! > > > > Update the diagram: > > > https://drive.google.com/file/d/1E6z0dzXzvW5ZxG6d6YUghL9OikA8j4UC/view?usp=sharing > > > > Thanks, > > Zixuan > > > > Qiang Huang <qiang.huang1...@gmail.com> 于2022年8月17日周三 19:13写道: > > > > > It makes sense to me. BTW, the image is broken. > > > > > > Zixuan Liu <node...@gmail.com> 于2022年8月17日周三 11:10写道: > > > > > > > Note that there are two clients, the user client, and the proxy > client. > > > > When the original authenticate data expires, the user client cannot > send > > > a > > > > request to the proxy to find the broker URL. We haven't tests to > cover > > > this. > > > > > > > > A simple diagram represents workflow: > > > > [image: image.png] > > > > Both connections pass the proxy client and the user client > authentication > > > > data. > > > > > > > > Thanks, > > > > Zixuan > > > > > > > > Zixuan Liu <node...@gmail.com> 于2022年8月16日周二 23:02写道: > > > > > > > >> Hi all, > > > >> > > > >> Refreshing the authentication data comes from the client is > important. > > > We > > > >> have two types of authentication data, directly authentication > data, and > > > >> original authentication data: > > > >> > > > >> 1. Directly authentication data > > > >> The client/proxy brings the authentication data directly connected > to > > > the > > > >> broker, which is directly authentication data. > > > >> > > > >> When the directly authentication data is expired, the broker sends > the > > > >> `newAuthChallenge` command with `AuthData.REFRESH_AUTH_DATA` data > to the > > > >> client to refresh the authentication data. > > > >> > > > >> 2. Original authentication data > > > >> We add a proxy between the client and the broker, both the proxy > and the > > > >> client bring the authentication data to request the broker, the > > > >> authentication data from the proxy is directly authentication data, > and > > > the > > > >> authentication data from the client is original authentication data. > > > >> > > > >> The broker can refresh the directly authentication data, but when > we are > > > >> using the proxy, the broker could not refresh the original > > > >> authentication data, because we haven't any action to request to > refresh > > > >> the original authentication data, so we need to add an auth data > const > > > to > > > >> request to refresh the original authentication data, so like > > > >> `AuthData.REFRESH_AUTH_DATA`. > > > >> > > > >> Once most people agree with this, I'll make a PIP. > > > >> > > > >> References: > > > >> > > > >> - https://github.com/apache/pulsar/pull/13339 > > > >> - https://github.com/apache/pulsar/issues/10816 > > > >> > > > >> Thanks, > > > >> Zixuan > > > >> > > > >> > > > > > > -- > > > BR, > > > Qiang Huang > > > >
