From 4e3dfb9f57eb3c545bce2871013ec628c7047af0 Mon Sep 17 00:00:00 2001
From: Dov Alperin <dov.alperin@materialize.com>
Date: Wed, 3 Dec 2025 15:53:58 -0500
Subject: [PATCH] Coordinator: spawn async task for expensive hash work

---
 src/adapter/src/coord/command_handler.rs | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/src/adapter/src/coord/command_handler.rs b/src/adapter/src/coord/command_handler.rs
index 35cd457a30dcd..e7ace82a3fda8 100644
--- a/src/adapter/src/coord/command_handler.rs
+++ b/src/adapter/src/coord/command_handler.rs
@@ -544,15 +544,17 @@ impl Coordinator {
             }
             if let Some(auth) = self.catalog().try_get_role_auth_by_id(&role.id) {
                 if let Some(hash) = &auth.password_hash {
-                    let _ = match mz_auth::hash::scram256_verify(&password, hash) {
-                        Ok(_) => tx.send(Ok(AuthResponse {
-                            role_id: role.id,
-                            superuser: role.attributes.superuser.unwrap_or(false),
-                        })),
-                        Err(_) => tx.send(Err(AdapterError::AuthenticationError(
-                            AuthenticationError::InvalidCredentials,
-                        ))),
-                    };
+                    let hash = hash.clone();
+                    let role_id = role.id;
+                    let superuser = role.attributes.superuser.unwrap_or(false);
+                    task::spawn(|| "auth-check-hash", async move {
+                        let _ = match mz_auth::hash::scram256_verify(&password, &hash) {
+                            Ok(_) => tx.send(Ok(AuthResponse { role_id, superuser })),
+                            Err(_) => tx.send(Err(AdapterError::AuthenticationError(
+                                AuthenticationError::InvalidCredentials,
+                            ))),
+                        };
+                    });
                     return;
                 }
             }