Support short-time passwords (tokens) in connection strings

[kratkyzobak]

There are possibilities to connect database servers using token credentials. For example https://learn.microsoft.com/en-us/azure/mysql/flexible-server/concepts-azure-ad-authentication

tl;dr - there are situations where you can use short-lived token instead of long-lived password to connect to database

Problem(s):

• Access token used as password can be really short-lived (5-60 minutes). When using lazy connections in some long-running jobs, token may be already expired when trying to connect if token obtained in service creation time instead in connection time.
• Same as previous for reconnecting during long-running job
• Access token shoud not be obtained before lazy connection is ready made

Potential solutions:

• Wierd one - pass reference to password instead of password itself (for example in Azure Storage SDK) - this does not solve latest issue - token has to be released not only even connection is not made, but has to be updated every tim
• Provider of connections - using some layer above current connection class and do lazines again (doable outside of Nette)
• Provider of password - allow password to be not only ?string, but null|string|callable():string

I would preffer last one of course. I wanted to do it and send as PR, but I feel like to need approval that it is acceptable at all. As I looked to another frameworks, their configuration usually does not support this scenario too.

[JanTvrdik]

Are there some problem with using the second solution, i.e. having custom connection factory?

[kratkyzobak]

Problem is only in mindset. Of course I can handle solving this by connection factory and/or decorator above current Connection class, where I would re-implement connection laziness.

I belive, this kind of stuff should be somehow supported by framework as short-lived passwords will be used more and more.

But I may be alone with this opinion. This is reason, why I asked first, before trying to create PR.