GSoC Student Crushes It! The Inside Story Behind the OIDC Upgrade for Apache DolphinScheduler

Source: Dev.to

Personal Introduction

• Name: Aryan Kumar
• Location: Chandigarh, India
• Current Status: B.Tech in Metallurgical and Materials Engineering (Minor in Data Science) at Punjab Engineering College, graduating May 2027. Aspiring software engineer with interests in AI and open‑source development. Actively seeking full‑time or internship opportunities in software development, full‑stack, and DevOps.
• GitHub: tusaryan
• LinkedIn: tusaryan
• Contact: aryankumartus@gmail.com
• Hobbies: Gardening, swimming, football, trekking, travelling, and continuous learning.

Interview Transcript

Contribution to Apache DolphinScheduler

Question: Have you made any contribution to the Apache DolphinScheduler community? Can you describe the specific scheme?

Answer: Yes, I’ve been fortunate to make several contributions, the most significant being my Google Summer of Code 2025 project.

• Kyuubi Datasource Connection Fix (#17081) – My first open‑source contribution to DolphinScheduler (Feb 2025). Fixed a bug that caused JDBC connection failures in high‑availability environments using Kyuubi by correcting the JDBC URL construction and updating unit tests.

• Master Server Load Protection (#17159) – Implemented a new configuration option max.concurrent.workflow.instances to prevent master server overloads during failover scenarios. Refactored the server protection mechanism to incorporate CPU, memory, and disk usage thresholds.

• Generalized OIDC Authentication module (#17340, GSoC’25 Project) – Architected and implemented a universal OpenID Connect (OIDC) authentication system.

  Problem: DolphinScheduler’s SSO capabilities were limited to specific implementations (e.g., Casdoor), making enterprise integration difficult.

  Solution: Developed a scalable SSO mechanism using the Nimbus SDK that supports any OIDC‑compliant provider (Keycloak, Okta, Azure AD, etc.). Added robust authentication flows, token validation, CSRF and injection protection, and dynamic role‑sync that re‑evaluates permissions on each login. Implemented comprehensive unit tests (~94 % coverage) and API tests to ensure reliability.

  Impact: Enhances security, simplifies user management, reduces integration time, and maintains backward compatibility with existing login methods.

Background and First Encounter with DolphinScheduler

Question: What’s the background of when you first learned about DolphinScheduler? Any interesting stories?

Answer: I was always fascinated by technology’s ability to solve problems and connect people globally. I first heard about Google Summer of Code (GSoC) during secondary school and later learned more about it in college. With a solid Java foundation, I expanded my skills in Spring Boot, microservices, security, and DevOps.

When the GSoC timeline was announced, I was looking for a high‑impact open‑source project that dealt with distributed systems and security. While exploring potential projects, I discovered Apache DolphinScheduler. As a Java developer, I’m familiar with many ASF projects (HTTP Server, Tomcat, Kafka, Spark, Hadoop, Maven, etc.), so contributing to a widely‑used workflow orchestration platform felt like a perfect fit.

Before contributing, I studied the documentation to understand the existing architecture and identify areas where I could add value. This preparation helped me propose the OIDC authentication module, which ultimately became my GSoC project.