1 commit with 1,337 additions and 0 deletions 🤔

Slightly surprised how much code went into this (considering how much cryptography Go has in its standard library), but it looks like a lot of it is just magic tables.

I can review this work this weekend, but I'd appreciate if someone else did that as well.

I'll devote some time this weekend as well, though probably not enough for a complete review.

I'm not sure if/how we should consider external dependencies. A quick search pointed me to the following:

• proposal: add SASL package to subrepos golang/go#16257
• https://godoc.org/golang.org/x/text/secure/precis

So I have an idea of how to approach this, @hlinnaka, is this a port of some other implementation?

My health unfortunately won't let me spend any time on this this weekend. I'll try and organize some time some other weekend, but I can't promise anything.

Ah, I saw issue #16257 earlier, when I googled around, but I didn't notice there was a SCRAM-SHA-256 implementation included in that.

Fair warning: my library doesn't support the server side of SASL yet and the API is probably going to have to undergo at least one breaking change to add that. (EDIT: Added the server side) API feedback and thoughts would be welcomed.

Looking at that implementation, it doesn't do SASLprep (yet).

This is trivial to add, I just didn't have an RFC 7613 implementation yet when I started on the SASL implementation. The credentials API (where this change would be introduced) probably also will be part of the change when adding server support though. Having it as an option doesn't make a lot of sense since credentials may be just about anything, not just usernames and passwords.

PRECIS isn't identical to SASLprep, although it's close. I'm not sure what exactly the differences are.

PRECIS attempted to be as backwards compatible as possible and, in the particular case of SASLprep, most likely won't cause any problems as long as you re-normalize your data. See: RFC 7613 §6

Any update on this?

Also curious on updates as they are needed for continued usage of Gitea.

Any chance of an ETA on merging this PR?

Any progress?

Also interested on this. How can I help this to be merged?

I haven't done a review of the PR, but at a minimum it needs a test that connects to a real postgres server using this method. My read of the tests suggests this is missing.

@johto Hi, we very much need this feature for our Sept release. Is there any possible way to get this test case working so we can get this feature from last year merged?

This also needs a rebase onto master.

Any news about it?

• Feature request: Add support for SCRAM-SHA-256 password authentication #817
• Use a safe implementation of SCRAM. #914
• Support scram password generation #941
• Add support for SCRAM-SHA-256 authentication. #608
• Inform user of unsupported scram auth method #621
• Support for SCRAM-SHA-256 authentication #788
• Add SCRAM-SHA-256 authentication to this library #833

Linked to:

• State of Play scram-sasl/info#1

maybe the tests could be used for the merged scram auth?

This PR has been superseded by #833 and can be closed.