server/auth: enable tokenProvider if recoved store enables auth

[cfz]

we found a lease leak issue:
if a new member(by member add) is recovered by snapshot, and then
become leader, the lease will never expire afterwards. leader will
log the revoke failure caused by "invalid auth token", since the
token provider is not functional, and drops all generated token
from upper layer, which in this case, is the lease revoking
routine.

[mitake]

@cfz thanks a lot for this PR! I think it will fix the issue, but let me confirm with it. I think I can submit my review on Sunday.

[mitake]

LGTM, thanks! BTW it's also great if you can add an e2e test case. Can you add it? If you aren't familiar with e2e test infra, I can take it.

[mitake]

On the second thought, the change improves simple token and it's not for production use cases. I think having e2e test case is too much. It would be good just merging it.

[cfz]

On the second thought, the change improves simple token and it's not for production use cases. I think having e2e test case is too much. It would be good just merging it.

that's also what i'm thinking about.

actually, we enabled auth but using Common Name based authentication for client side. looks like we eventually run into the simple token code somehow....

[cfz]

i would also like to backport this change to v3.4, which is the actual release we are using. but not sure we can do this without a new commit, due to the path changing during 3.4 and 3.5?

[cfz]

seems the workflows needs another approval, since i amend my commit.... @mitake

[cfz]

ping @mitake 😄

[mitake]

@cfz approved, thanks!

[spzala]

@cfz thanks for addressing my comments, lgtm.

[mitake]

merged, thanks @cfz @spzala !