
Redis ACL (user/pass) support? #63

Closed
LangJV opened this issue Feb 29, 2024 · 3 comments

Comments

LangJV commented Feb 29, 2024

Is it currently possible to utilize a redis username AND password when authenticating to Redis?

The documentation mentions the ability to pass a password, but quite a few years back Redis began supporting true ACLs, meaning you can now authenticate with a username AND a password.

I'd like to know if I pass like: "OAuth2username" or "username" or "OAuth2redisusername" - will it be able to authenticate with a username and password?

@zandbelt
Member

apparently it isn't but it wouldn't take much to add it in a new release of liboauth2

zandbelt added a commit to OpenIDC/liboauth2 that referenced this issue Mar 4, 2024
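To make concrete what the question is asking for, here is the wire-level difference between the two Redis AUTH forms: the legacy single-argument `AUTH <password>` (which Redis 6 and later maps to the built-in "default" user) and the ACL form `AUTH <username> <password>`. This is an added example written for this page, not code from liboauth2 or mod_oauth2; it only builds and decodes RESP frames locally, and the server replies it decodes are constructed sample bytes, not captures from a real Redis instance.

```python
"""
Build the two forms of the Redis AUTH command in RESP (REdis Serialization
Protocol) and decode the server's simple-string / error replies.

Added example, not code from liboauth2/mod_oauth2. Nothing is sent over the
network; the replies below are constructed samples.
"""
from typing import Optional, Tuple


def encode_command(*args: str) -> bytes:
    """Encode a command as a RESP array of bulk strings.

    Every argument, including the command name, travels as a
    length-prefixed bulk string, so a password may contain spaces, quotes
    or non-ASCII bytes without any escaping.
    """
    out = [b"*%d\r\n" % len(args)]
    for arg in args:
        raw = arg.encode("utf-8")
        out.append(b"$%d\r\n%s\r\n" % (len(raw), raw))
    return b"".join(out)


def auth_command(password: str, username: Optional[str] = None) -> bytes:
    """Return the RESP frame for AUTH.

    - AUTH <password>            : legacy (requirepass) form; on Redis >= 6
                                   this authenticates as the "default" user.
    - AUTH <username> <password> : ACL form (Redis >= 6), the one the issue
                                   asks mod_oauth2 to support.
    """
    if username is None:
        return encode_command("AUTH", password)
    return encode_command("AUTH", username, password)


def decode_reply(reply: bytes) -> Tuple[str, str]:
    """Decode a RESP simple string ('+OK') or error ('-WRONGPASS ...').

    Returns (kind, payload) where kind is 'ok' or 'error'. Anything else
    (bulk strings, arrays) is out of scope for an AUTH exchange.
    """
    if not reply.endswith(b"\r\n"):
        raise ValueError("incomplete RESP reply")
    body = reply[1:-2].decode("utf-8")
    if reply.startswith(b"+"):
        return "ok", body
    if reply.startswith(b"-"):
        return "error", body
    raise ValueError("unexpected RESP type: %r" % reply[:1])


if __name__ == "__main__":
    print(auth_command("mypassword"))               # legacy form, 2 elements
    print(auth_command("mypassword", "cacheuser"))  # ACL form, 3 elements
    # Constructed sample replies in the shape a Redis 6+ server uses.
    print(decode_reply(b"+OK\r\n"))
    print(decode_reply(b"-WRONGPASS invalid username-password pair\r\n"))
```

The practical consequence for a cache backend: a client that only knows the two-element form can still log in to an ACL-enabled server, but only as `default`, so a dedicated Redis user with a restricted command set and key pattern for the token cache cannot be used until the three-element form is supported.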

LangJV commented Mar 5, 2024

As a follow-up question (and apologies if this is super basic) - how does one provide any of the redis arguments:
Looking at:

mod_oauth2/oauth2.conf

Lines 27 to 57 in aa178d4

# OAuth2Cache Options:
#
# <name> <value> (default) <description>
#
# generic:
#
# name <string> (default) the name of the (named) cache to refer to from e.g. OAuth2TokenVerify
# key_hash_algo <string> (sha256) hash algorithm for the cache key (or "none")
# encrypt true|false (true) encrypt the cache value (default is "false" for the shm cache backend)
# passphrase_hash_algo <string> (sha256) hash algorithm to apply to the passphrase before using it as an encryption key
#
# shm:
#
# max_key_size <number> (65) maximum size of the cache key in bytes (see also: key_hash_algo)
# max_val_size <number> (8193) maximum size of a single cache value
# max_entries <number> (1000) maximum number of entries in the cache (FIFO policy, overruns will result in a warning in the log)
#
# file:
#
# dir <path> (/tmp or C:\\Temp) cache file directory
# clean_interval <seconds> (60) minimum interval to loop over the cache directories looking to delete expired entries
#
# memcache:
#
# config_string <string> (--SERVER=localhost) memcached specific server configuration string, see: https://www.systutorials.com/docs/linux/man/3-memcached/
#
# redis:
#
# host <string> (localhost) Redis server hostname
# port <number> (6379) Redis server port
# password <string> (<no authentication>) password used to authenticate to the Redis server

would i do something like:
OAuth2Cache redis host myhost port 1234 password mypassword

Or:
OAuth2Cache redis
OAuth2Cache host myhost
OAuth2Cache port 1234
OAuth2Cache password mypassword

Or:
OAuth2Cache redis host myhost
OAuth2Cache redis port 1234
OAuth2Cache redis password mypassword

I've tried googling but the internet doesn't seem to have examples either. I see the doc defines the syntax as: #OAuth2Cache []
But that seems a bit ambiguous (maybe just to me?)


zandbelt commented Mar 5, 2024

it is a query-encoded format, as documented - with samples - in:

mod_oauth2/oauth2.conf

Lines 68 to 73 in aa178d4

#OAuth2TokenVerify <type> <value> [<options-in-query-encoded-format>]
#
# Samples:
#
# OAuth2TokenVerify introspect https://pingfed:9031/as/introspect.oauth2 introspect.ssl_verify=false&introspect.auth=client_secret_basic&client_id=rs0&client_secret=2Federate
# OAuth2TokenVerify jwks_uri https://pingfed:9031/ext/one jwks_uri.ssl_verify=false

I notice that since the order of the statements in the sample changed (OAuth2Cache needs to be specified before others), this is less than obvious now, I'll improve that
so OAuth2Cache redis host=myhost&port=1234&password=mypassword
there are also a few examples in the README.md which is probably what most people go with
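As an added example (written for this page, not code from mod_oauth2 or liboauth2), the parser below shows what the query-encoded option string accepts and, as a side effect, why the three guesses in the question fail: everything after the cache type is one `key=value&key=value` string. It assumes the options are decoded as a standard application/x-www-form-urlencoded query, so `&`, `=` and `%` inside a value (a password, typically) must be percent-encoded; that decoding behaviour is an assumption about liboauth2 and should be confirmed against its own parser before relying on it for a production password. The only option keys used are the ones from the `redis:` block of oauth2.conf quoted above.

```python
"""
Parse and build the query-encoded options that follow the cache type in a
mod_oauth2 'OAuth2Cache' line, e.g.

    OAuth2Cache redis host=myhost&port=1234&password=mypassword

Added example, not code from mod_oauth2/liboauth2. Assumption: values are
decoded as a standard x-www-form-urlencoded query string.
"""
from typing import Dict, Tuple
from urllib.parse import parse_qsl, urlencode

# Defaults taken from the 'redis:' block of oauth2.conf quoted in the thread.
REDIS_DEFAULTS = {"host": "localhost", "port": "6379"}


def parse_cache_directive(line: str) -> Tuple[str, Dict[str, str]]:
    """Split 'OAuth2Cache <type> [<options>]' into (type, options dict)."""
    parts = line.split(None, 2)
    if len(parts) < 2 or parts[0] != "OAuth2Cache":
        raise ValueError("not an OAuth2Cache directive: %r" % line)
    cache_type = parts[1]
    options: Dict[str, str] = {}
    if len(parts) == 3:
        # strict_parsing=True rejects a field without '=', which is exactly
        # what 'host myhost port 1234 ...' (space-separated) turns into.
        pairs = parse_qsl(parts[2], keep_blank_values=True, strict_parsing=True)
        for key, value in pairs:
            if key in options:
                raise ValueError("duplicate option %r" % key)
            options[key] = value
    return cache_type, options


def redis_options(line: str) -> Dict[str, str]:
    """Return the effective redis settings: documented defaults overlaid with
    the given options, with 'port' checked to be a TCP port number."""
    cache_type, options = parse_cache_directive(line)
    if cache_type != "redis":
        raise ValueError("expected a redis cache, got %r" % cache_type)
    settings = dict(REDIS_DEFAULTS)
    settings.update(options)
    port = int(settings["port"])  # raises ValueError for 'port=abc'
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    return settings


def build_cache_directive(cache_type: str, options: Dict[str, str]) -> str:
    """Build the directive with every value percent-encoded, so a password
    such as 'p&ss=w%rd' survives the round trip through parse_qsl."""
    return "OAuth2Cache %s %s" % (cache_type, urlencode(options))


if __name__ == "__main__":
    print(redis_options("OAuth2Cache redis host=myhost&port=1234&password=mypassword"))
    line = build_cache_directive(
        "redis", {"host": "myhost", "port": "1234", "password": "p&ss=w%rd"}
    )
    print(line)
    print(redis_options(line)["password"])
    try:
        redis_options("OAuth2Cache redis host myhost port 1234 password mypassword")
    except ValueError as exc:
        print("rejected:", exc)
```

The round trip through `build_cache_directive` is the part worth keeping in mind when the password is generated rather than typed: a value containing `&` or `=` that is pasted in unencoded silently becomes a different (shorter) password plus a stray option, and the resulting AUTH failure shows up only at cache-connect time.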
