Let nats client send auth_required without waiting for the server to ask for it

[lubien]

I've been using a fork of your library on Fly.io for logs with a few changes.

My proposal negotiate auth if the client wrote those on its config without needing for the server to ask for it. I've implemented here an example: 9ddb11a

This feels like a breaking change for some so I'd love input on this!

[mmmries]

Hmmmm I've never thought about forcing a connection to use auth. Is that supported in the protocol? I thought we always did an initial handshake first and we could only send the credentials as our response to that handshake?

[mmmries]

Looking at the client protocol it indicates that auth_token, user, or pass should only be sent if auth_required is set. Do other nats clients allow the client for force authentication?

If we did want to support this, I think I would avoid modifying the server_settings and instead I would handle this logic in the negotiate_settings function. So that function will always see the server settings and user_settings in a consistent way.

[lubien]

Do other nats clients allow the client for force authentication?

Yes, Go client does: https://github.com/nats-io/nats.go/blob/main/nats.go#L2248

Which we happen to use on our CLI: https://github.com/superfly/flyctl/blob/master/logs/nats.go#L78

Since our NATs server does not ask for auth_required.

If we did want to support this, I think I would avoid modifying the server_settings and instead I would handle this logic in the negotiate_settings function. So that function will always see the server settings and user_settings in a consistent way.

Got it. I can take a stab at this if this is wanted.

[mmmries]

Hey @lubien thank you for opening the PR. Can you clarify a few things for me?

Yes, Go client does: https://github.com/nats-io/nats.go/blob/main/nats.go#L2248

I'm not very familiar with Go, but it looks like that code will sent the auth credentials as long as they have been provided by the user in the nc.Opts? Is that right? So I wonder if we should change the Elixir client to follow that same convention and skip checking the server_settings.auth_required? We would just send the credentials if the use has specified them?

Since our NATs server does not ask for auth_required.

So your NATS server is configured in a way that it does not send "auth_required": true in the INFO message, but it does actually require credentials in order to connect successfully? I'm happy to follow the conventions in the go client, I just want to make sure I'm understanding how your NATS server is setup.

[lubien]

will sent the auth credentials as long as they have been provided by the user in the nc.Opts?

Yes, that's my understanding too. Disclaimer: I'm very new to Go 😆

So your NATS server is configured in a way that it does not send "auth_required": true in the INFO message, but it does actually require credentials in order to connect successfully?

Yes, that's how we built that. We just expect it to be sent.

Thanks for your time, really :)