[DRIVERS-810] Support shorter SCRAM conversation Created: 03/Feb/20  Updated: 03/Feb/20  Resolved: 03/Feb/20

Status: Closed
Project: Drivers
Component/s: None
Fix Version/s: None

Type: New Feature Priority: Major - P3
Reporter: John Stewart (Inactive) Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends

 Description   

This project will shorten the SCRAM conversation between client and server. The SCRAM handshake involves the following steps:

  1. The client advertises the name of the user it wishes to authenticate as.
  2. The server replies with user-specific mechanism parameters.
  3. The client sends a proof of knowledge derived from the parameters and the password.
  4. The server replies with a proof that it knew the password.
  5. The client sends an empty message.
  6. The server replies with an empty message, along with the {done: true} flag.

We will remove steps 5 and 6, and the server will advertise {done: true} in step 4.

Clients can opt into the shorter SCRAM conversation with the following saslStart command:

{
  saslStart: 1,
  mechanism: 'SCRAM-SHA-256',
  options: { skipEmptyExchange: true },
  payload: '...',
}

Note that older server versions will ignore the options, so no wire version check is required. The options can be sent to all server versions. Older server versions will just continue to use the longer SASL conversations, so clients needing to authenticate to pre-4.4 servers have to be able to handle both types of exchanges.
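
A client loop that handles both exchange types, as an added example that is not part of the original ticket or any driver's code. The mock server, the `authenticate` and `makeMockServer` names, and the placeholder payload strings are constructed for illustration; real SCRAM message construction and signature verification are replaced by a stand-in callback.

```javascript
// Constructed mock of the server side; payloads are placeholder strings, not real SCRAM messages.
function makeMockServer(honorsSkip) {
  let step = 0, skip = false;
  return function run(cmd) {
    step += 1;
    if (cmd.saslStart) {
      skip = honorsSkip && Boolean(cmd.options && cmd.options.skipEmptyExchange);
      return { conversationId: 1, done: false, payload: 'server-first' };
    }
    if (step === 2) return { conversationId: 1, done: skip, payload: 'server-final' };
    return { conversationId: 1, done: true, payload: '' };
  };
}

// Client side: always ask for the short exchange, then follow whatever the server does.
function authenticate(run, verifyServerFinal) {
  let roundTrips = 1;
  let reply = run({
    saslStart: 1,
    mechanism: 'SCRAM-SHA-256',
    options: { skipEmptyExchange: true }, // ignored by older servers
    payload: 'client-first',
  });
  const id = reply.conversationId;

  // Steps 3 and 4: client proof out, server proof back.
  reply = run({ saslContinue: 1, conversationId: id, payload: 'client-final' });
  roundTrips += 1;
  // Check the server proof before looking at `done`, on both paths.
  if (!verifyServerFinal(reply.payload)) throw new Error('server proof rejected');

  // Steps 5 and 6 happen only when the server did not set done in step 4.
  // Bound the loop so a misbehaving server cannot keep the client spinning.
  for (let extra = 0; !reply.done; extra += 1) {
    if (extra >= 1) throw new Error('conversation did not finish');
    reply = run({ saslContinue: 1, conversationId: id, payload: '' });
    roundTrips += 1;
  }
  return roundTrips;
}

const check = (p) => p === 'server-final'; // stand-in for the real signature check
console.log(authenticate(makeMockServer(true), check));  // short exchange
console.log(authenticate(makeMockServer(false), check)); // pre-4.4 style exchange
```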



 Comments   
Comment by Esha Bhargava [ 03/Feb/20 ]

Same as DRIVERS-707
