Setting username via OAuth on shared servers #9540

@excalq

Description

We have a use case of providing users with pre-configured database connections, which shared servers works well for. However, each user has a separate account in these databases, matching the email in their OAuth authentication flow (via Auth0). Their passwords are sourced externally (aws rds generate-db-auth-token) and short-lived, so we only need to set usernames, not passwords.

I was attempting to set a configuration to achieve this using servers.json, but it does not appear possible, looking at the codebase. We don't want a shared username, nor does Username: null cause the email/oauth-username-claim to be used; instead, username is missing, and 'must be specified'.

The goal: Use the value of OAUTH2_USERNAME_CLAIM for Shared Servers instead of SharedUsername.

Related Issue: Shared Usernames: #6229

Describe alternatives you've considered

  1. Provisioning non-shared databases, per user: The servers.json is loaded into the SQLite DB once, as I understand, and removing it has undesired consequences, so this would be burdensome when adding new users.

Additional context

I am willing to contribute a PR with some changes in ServerModule.create_shared_server, but would like to open this discussion first.
