split out auth info from conn info, return the jwt as the auth keys

proxy/src/auth/backend.rs

@@ -171,6 +171,8 @@ impl ComputeUserInfo {
 }
 
 pub(crate) enum ComputeCredentialKeys {
+    #[expect(dead_code, reason = "WIP")]
+    Jwt(String),
     #[cfg(any(test, feature = "testing"))]
     Password(Vec<u8>),
     AuthKeys(AuthKeys),

proxy/src/console/provider.rs

@@ -309,6 +309,7 @@ impl NodeInfo {
             #[cfg(any(test, feature = "testing"))]
             ComputeCredentialKeys::Password(password) => self.config.password(password),
             ComputeCredentialKeys::AuthKeys(auth_keys) => self.config.auth_keys(*auth_keys),
+            ComputeCredentialKeys::Jwt(_) => panic!("unsupported keys"),
             ComputeCredentialKeys::None => &mut self.config,
         };
     }

proxy/src/serverless/backend.rs

@@ -1,7 +1,7 @@
 use std::{sync::Arc, time::Duration};
 
 use async_trait::async_trait;
-use tracing::{field::display, info};
+use tracing::{debug, field::display, info};
 
 use crate::{
     auth::{
@@ -105,7 +105,7 @@ impl PoolingBackend {
         ctx: &RequestMonitoring,
         config: &AuthenticationConfig,
         user_info: &ComputeUserInfo,
-        jwt: &str,
+        jwt: String,
     ) -> Result<ComputeCredentials, AuthError> {
         match &self.config.auth_backend {
             crate::auth::Backend::Console(console, ()) => {
@@ -116,13 +116,13 @@ impl PoolingBackend {
                         user_info.endpoint.clone(),
                         &user_info.user,
                         &**console,
-                        jwt,
+                        &jwt,
                     )
                     .await
                     .map_err(|e| AuthError::auth_failed(e.to_string()))?;
                 Ok(ComputeCredentials {
                     info: user_info.clone(),
-                    keys: crate::auth::backend::ComputeCredentialKeys::None,
+                    keys: crate::auth::backend::ComputeCredentialKeys::Jwt(jwt),
                 })
             }
             crate::auth::Backend::Web(_, ()) => Err(AuthError::auth_failed(
@@ -136,12 +136,13 @@ impl PoolingBackend {
                         user_info.endpoint.clone(),
                         &user_info.user,
                         &StaticAuthRules,
-                        jwt,
+                        &jwt,
                     )
                     .await
                     .map_err(|e| AuthError::auth_failed(e.to_string()))?;
                 Ok(ComputeCredentials {
                     info: user_info.clone(),
+                    // todo: rewrite JWT signature with key shared somehow between local proxy and postgres
                     keys: crate::auth::backend::ComputeCredentialKeys::None,
                 })
             }

proxy/src/serverless/sql_over_http.rs

@@ -563,14 +563,14 @@ async fn handle_inner(
 
     let authenticate_and_connect = Box::pin(
         async {
-            let keys = match &conn_info.auth {
+            let keys = match conn_info.auth {
                 AuthData::Password(pw) => {
                     backend
                         .authenticate_with_password(
                             ctx,
                             &config.authentication_config,
                             &conn_info.conn_info.user_info,
-                            pw,
+                            &pw,
                         )
                         .await?
                 }