Coordinator: spawn async task for expensive hash work

DAlperin · DAlperin · commit 4e3dfb9f57eb · 2025-12-03T15:55:32.000-05:00
diff --git a/src/adapter/src/coord/command_handler.rs b/src/adapter/src/coord/command_handler.rs
@@ -544,15 +544,17 @@ impl Coordinator {
             }
             if let Some(auth) = self.catalog().try_get_role_auth_by_id(&role.id) {
                 if let Some(hash) = &auth.password_hash {
-                    let _ = match mz_auth::hash::scram256_verify(&password, hash) {
-                        Ok(_) => tx.send(Ok(AuthResponse {
-                            role_id: role.id,
-                            superuser: role.attributes.superuser.unwrap_or(false),
-                        })),
-                        Err(_) => tx.send(Err(AdapterError::AuthenticationError(
-                            AuthenticationError::InvalidCredentials,
-                        ))),
-                    };
+                    let hash = hash.clone();
+                    let role_id = role.id;
+                    let superuser = role.attributes.superuser.unwrap_or(false);
+                    task::spawn(|| "auth-check-hash", async move {
+                        let _ = match mz_auth::hash::scram256_verify(&password, &hash) {
+                            Ok(_) => tx.send(Ok(AuthResponse { role_id, superuser })),
+                            Err(_) => tx.send(Err(AdapterError::AuthenticationError(
+                                AuthenticationError::InvalidCredentials,
+                            ))),
+                        };
+                    });
                     return;
                 }
             }
