We previously published an article titled “Unlocking Seamless & Secure Access: Introducing Generalized OIDC Authentication in Apache DolphinScheduler”, which drew significant attention both within and beyond the community. The piece highlighted one of the standout achievements from Google Summer of Code 2025 — Aryan Kumar, a student from the Punjab Engineering College in India, implemented a brand-new universal OpenID Connect (OIDC) authentication mechanism for Apache DolphinScheduler.
This new capability not only streamlines the entire user access process for DolphinScheduler but also greatly enhances the system’s security posture, making DolphinScheduler better suited for diverse enterprise-level scenarios. Notably, Aryan’s implementation makes clever use of the Nimbus SDK and takes database compatibility into account in advance, ensuring that both new and existing users can upgrade with zero friction.
Now that some time has passed since the feature was released, we are excited to bring you the first in-depth interview with the developer behind it. How did Aryan Kumar, located far away in India, first connect with the Apache DolphinScheduler project? What challenges did he encounter while designing and implementing the OIDC authentication mechanism, and how did he overcome them? What are his thoughts on the DolphinScheduler project and its community? And in his view, what does “open source” truly mean?
This interview is rich in content — including technical insights as well as personal growth stories. Let’s get to know this young developer and see how he is making his mark on the global open-source stage!
Personal Introduction
- Name: Aryan Kumar
- Location: Chandigarh, India
- Current Status: I am an aspiring Software Engineer currently pursuing a B.Tech in Metallurgical and Materials Engineering with Minor Specialization in Data Science at Punjab Engineering College, graduating in May 2027. I am passionate about Computer Science, AI, and open-source development. I am actively looking for full-time opportunities or internships in Software Development, Full Stack, and DevOps roles.
- Job Title: Aspiring Software Engineer & Open Source Developer
- Job Status: I am actively seeking full-time opportunities or internships in Software Development, Full Stack, and DevOps roles.
- Research field and term: Computer Science & AI, specializing in Multi-Agent Systems, Distributed Architectures, and Open-Source Development (Graduating in May 2027).
- GitHub ID: tusaryan
- LinkedIn ID: tusaryan
- Contact info: aryankumartus@gmail.com
- Hobbies: Gardening, Swimming, Playing Football, Trekking, Travelling, and trying to learn everything every day
Below is the full interview transcript:
- Have you made any contribution to the Apache DolphinScheduler community? Can you describe the specific scheme?
Yes, I've been fortunate to make several contributions to the community, with the most significant being my Google Summer of Code 2025 project.
- Kyuubi Datasource Connection Fix (#17081): This was my first open source contribution to DolphinScheduler when I started working on it back in Feb this year, and resolved a bug that caused JDBC connection failures in high-availability (HA) environments using Kyuubi. This involved correcting the JDBC URL construction and updating the corresponding unit tests to ensure the fix was reliable.
- Master Server Load Protection (#17159): I implemented a new configuration option, max.concurrent.workflow.instances, to prevent master server overloads during failover scenarios. As part of this, I also refactored the server protection mechanism to be more robust by incorporating system resource thresholds for CPU, memory, and disk usage.
- Generalized OIDC Authentication module (#17340, GSoC'25 Project): My main contribution was architecting and implementing a generalized OpenID Connect (OIDC) authentication system.
  - Problem: Before this, DolphinScheduler's SSO capabilities were limited and often tied to specific implementations like Casdoor, making it difficult for enterprises to integrate their own identity systems.
  - Solution: I developed a new, scalable SSO mechanism using the Nimbus SDK that supports any OIDC-compliant provider (like Keycloak, Okta, Azure AD, etc.). I enhanced the system's security architecture by implementing robust authentication flows, token validation, and protection against CSRF and injection attacks, significantly reducing the attack vector. A key feature is the dynamic role-sync, which re-evaluates a user's permissions on every login, ensuring the external Identity Provider is always the single source of truth for access control. To ensure reliability and consistency, I implemented comprehensive unit tests (achieving ~94% coverage) and API tests to validate the complete feature workflow.
  - Impact: This feature significantly enhances security and simplifies user management for enterprises, reducing integration time while ensuring zero regressions and maintaining backward compatibility with existing login methods.
- What's the background of when you first learned about DolphinScheduler? Are there any interesting stories behind the process?
Back in my early days, I was very interested in technology - because of the problems it solved, how it connects everyone globally, and how the internet has made resources accessible to everyone at such a massive scale. All of this fascinated me, which is what drove me to learn more about it. I first heard about Google Summer of Code (GSoC) during my secondary education. When I entered college, I gained a better understanding from peers and seniors about GSoC, its global reputation, how competitive it is to crack, and the unmatched experience the program offers. I dug a little deeper to explore how the program works and what was required of me to get accepted. Since I already had a strong foundation in Java, I decided to advance my skills by learning Spring Boot, Microservices, Security, and DevOps. By the time the GSoC timeline was published, I had already built several projects using these technologies. To further enhance my skills and gain hands-on experience with real-world problems, I was looking for a high-impact, open-source project where I could tackle real-world challenges in distributed systems and security. I discovered Apache DolphinScheduler while exploring potential projects for Google Summer of Code. Coming from a Java-specialized development background, I believe there is hardly anyone who hasn't heard of the Apache Software Foundation. As Java developers, we frequently work with some of the greatest technologies built by the ASF, such as Apache HTTP Server, Tomcat, Kafka, Spark, Hadoop, and Maven. The list is endless. I was very excited because this felt like a great opportunity for me as a developer to be part of and contribute to the development of tools that many developers and enterprises use daily. It was fascinating to me. My skills aligned well with the project requirements, and DolphinScheduler's role as a powerful workflow orchestration platform immediately caught my attention.
Before starting to contribute, I decided to go through the documentation to get in-depth information about the existing project architecture, technologies used, and the standard practices for contributing. Since I went through the complete documentation myself, I can assure you that you can refer to it to find answers to your specific problems or if you get stuck while contributing to DolphinScheduler. It covers the complete architecture design, implementation strategies, API design, frontend development, a complete testing guide (Unit, API, E2E automation), environment setup, and installation. Basically, it has everything you can think of to help you easily onboard and make your first contribution. Believe me, it is very well-written, structured, and detailed. Additionally, the community is quite supportive; you can directly ask them about any queries related to your contribution, and they will surely guide you and help you tackle the problem. Coming to my experience, it was quite challenging at first, as I knew very little about contributing to open-source projects at the time. So, I started with tutorials and YouTube video guides. Little by little, I learned and progressed from working on minor bug fixes to small improvements, which eventually led to a major feature integration in DolphinScheduler. An interesting part of the journey was the deep dive into the DolphinScheduler architecture. I learned so much about the architectural design, standard practices, and how robust, scalable, and efficient DolphinScheduler is designed. My goal was to create a "Generalized OIDC authentication" solution, but proving that required a very rigorous testing strategy. I ended up creating a full-fledged API test suite using Testcontainers, which automatically spins up a Docker environment with DolphinScheduler and a Keycloak OIDC provider. 
It was challenging to get the complex interactions and mocking scenarios correct in the unit tests, but overcoming those hurdles gave me a much deeper understanding of the system's architecture and the importance of robust quality assurance in a CI/CD pipeline.
My mentors, ZiHao Xiang and Gallardot, are incredibly supportive, and they make everything easier for me. Whenever I am stuck on an issue or have any kind of problem, they promptly respond to me and support me throughout my GSoC. There was a slight delay. I am sorry that happened; it was due to some problems which they also know about, and also because I was just a beginner, and getting used to and meeting deadlines is something new for me. But they always supported me. Because of them, I was able to complete my GSoC project.
- Do you like open-source? And how long have you been involved in this field? Why does open source appeal to you?
Yes, absolutely. I define my enthusiasm not just by the tools I use, but by the contributions I make. My journey transitioned from being a passive consumer of technology to an active builder during the program. Whether it was diving deep into DolphinScheduler architecture and implementing the OIDC module or participating in community discussions for its improvement, I have found that I am most passionate when I am solving real-world problems that help the broader community.
I've been involved in open-source for the past couple of months, but my serious involvement began in February, marking the start of a rapid and intense learning curve. Before that, I was an admirer of the ecosystem, using tools like Spring Boot and Apache libraries for my college and personal projects. However, my transition to a contributor started when I tackled and fixed my first bug. That was my 'hello world' moment in open source. Since then, over the last few months, I have moved from fixing specific bugs to architecting major security features, condensing what feels like years of industry learning into a single, high-impact summer.
Drawing from my recent experiences with the DolphinScheduler community, open source appeals to me for three specific reasons:
- The Power to Solve Real Problems: In a closed-source environment, if you find a bug, you are a victim of the vendor's roadmap. In open source, you are the master of your technology. When you encountered them, you didn't have to wait for a support ticket. That sense of ownership is addictive.
- Potential and Quality: Open source code has 'unblocked potential'; it creates a Darwinian environment where the best ideas survive. During my GSoC project, I wasn't just writing code that 'works'; I was pushed by mentors to write code that is secure, scalable and easy to maintain at the same time. This level of engineering rigor ensures the software is battle-tested by a global community, often making it more robust than proprietary alternatives.
- Global Collaboration as a Classroom: Finally, it appeals to me because it is the ultimate classroom. It connects me, a student in India, with experts worldwide. Participating in community discussions and the code reviews I received on the features taught me more about standard industry practices, production-grade systems, and resource management than any textbook could. It transforms coding from a solitary task into a shared global mission.
- What is your first impression of the Apache DolphinScheduler community? What benefits do you gain in the community?
My first impression was that the community is incredibly active, supportive, and welcoming to new contributors. The first person I contacted in the community was Gallardot before I was selected to review my GSoC proposal, and his feedback helped me improve and motivated me to further enhance my idea. During my GSoC project, I received invaluable guidance and feedback from my mentors, which was crucial for the project's success. The biggest takeaways for me were the mentorship and the practical ability to adapt to new challenges. This experience forced me out of my comfort zone, helping me gain expertise in technologies like Vue.js, Nimbus SDK, and Testcontainers that I had limited experience with beforehand. Participating in code reviews and architectural discussions trained me to engineer robust, scalable, and secure systems, ensuring my work met the high-quality standards of the Apache Software Foundation.
- How do you feel about contributing to DolphinScheduler? Is it difficult for you, or does it make you feel uncomfortable?
Contributing to DolphinScheduler is a very positive and rewarding experience. Initially, there was a learning curve, as with any large and complex project. Understanding the architecture and setting up the local development environment took some time. However, it never felt uncomfortable because the community documentation is thorough, and the mentors and other contributors are always willing to help guide me through the process.
- Have you used DolphinScheduler in your work or personal research? And what are the application scenarios?
As a student, my primary experience with DolphinScheduler has been from the perspective of a developer and contributor rather than an end-user in a production environment. My application scenario was focused on extending the platform's core capabilities. For my GSoC project, I used it daily to develop, test, and integrate the OIDC authentication feature, which involved working directly with backend and UI components.
- What new features and optimizations do you think DolphinScheduler should have in the future?
Based on my work with the authentication module, I see three key areas where we can make DolphinScheduler even more enterprise-ready:
- Advanced Identity Lifecycle & Granular Access Control: While my project established the foundation for OIDC, the next logical step is to support granular group-to-role mappings. Moving beyond basic ADMIN assignment to support specific roles like PROJECT_USER or PROJECT_ADMIN based on IdP groups would enable much finer access control. Additionally, implementing SCIM (System for Cross-domain Identity Management) alongside automatic token renewal would create a fully synchronized identity lifecycle, handling everything from seamless user provisioning to stable, long-lived sessions.
- Security Hardening & Compliance: Security is paramount for enterprise adoption. I recommend expanding the framework to support PKCE (Proof Key for Code Exchange), which is crucial for securing public clients. Furthermore, integrating Single Logout (SLO) would ensure that signing out of DolphinScheduler terminates the session at the IdP level as well. To aid compliance, we should also introduce detailed auditing and logging for all OIDC login attempts, giving administrators clear visibility into success and failure events.
- Enhanced Usability & Testing Ecosystem: To reduce friction for administrators, I recommend a UI-based OIDC configuration console, allowing them to manage providers without restarting the backend services. On the quality assurance side, I'd like to expand my Testcontainers-based suite to include full End-to-End (E2E) integration tests. Simulating real user logins across multiple providers like Okta, Azure AD, and Keycloak would validate the entire flow, from the frontend button to backend session creation, ensuring unmatched production reliability.
- Do you have any suggestions for the development of the DolphinScheduler community?
The community is already doing a fantastic job. One small suggestion would be to perhaps create more "bite-sized" introductory guides or video tutorials specifically for new developers. While the existing documentation is great, a guided walkthrough of submitting a first small PR, making them familiar with standard practices and open source culture, could help lower the initial barrier even further and attract more contributors.
- Would you like to make any contribution by code, or a non-code method to the DolphinScheduler open-source community?
Yes, absolutely. I view my GSoC project not as the end of my engagement, but as the foundation for long-term contribution. I am committed to maintaining the OIDC authentication module to ensure it remains robust as the project evolves, while also actively contributing to future enhancements and bug fixes. Beyond code, I am a strong believer in knowledge sharing. I would love to create technical articles and improve documentation to help lower the entry barrier for new developers and also assist the community by reviewing pull requests.
