Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTTPBearer token is set, Auth button not shown on /api/docs #67

Merged
merged 27 commits into from
Oct 24, 2024
Merged

HTTPBearer token is set, Auth button not shown on /api/docs #67

merged 27 commits into from
Oct 24, 2024

Conversation

Igoranze
Copy link
Contributor

@Igoranze Igoranze commented Oct 10, 2024
edited
Loading

Part of workfloworchestrator/orchestrator-core#670

This PR adds a Class TokenExtractor that is used as a Depends and extracts the token from the request in order to allow for HTTPBearer requests.
Part of the missing HTTPBearer request was that the /api/docs auth button was not shown.

Also added a statement to the authentication in order to filter out strawberry requests and get the token via the HTTPBearer without the Depends

@Igoranze Igoranze changed the title WIP: HTTPBearer token is set HTTPBearer token is set, Auth button not shown on /api/docs Oct 14, 2024
@pboers1988
Copy link
Member

@Igoranze still needs some linting fixes

pboers1988
pboers1988 requested changes Oct 14, 2024
View reviewed changes
Copy link
Member

@pboers1988 pboers1988 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Linting!

@torkashvand
Copy link
Contributor

torkashvand commented Oct 14, 2024
edited
Loading

I think linting (the mypy) errors here are really important. as fixing them, more changes reveals
for example, we used the border type HTTPConnection because we wanted to satisfy websocket requests as well

@Igoranze
Copy link
Contributor Author

Igoranze commented Oct 15, 2024
edited
Loading

I think linting (the mypy) errors here are really important. as fixing them, more changes reveals for example, we used the border type HTTPConnection because we wanted to satisfy websocket requests as well

@torkashvand I have changed the request type to HTTPConnection in the TokenExtractor, in the authenticate method I changed it to Request since websocket requests are checkend in the TokenExtractor this would compute. What are your findings on this?

Mark90
Mark90 reviewed Oct 22, 2024
View reviewed changes
Copy link
Contributor

@Mark90 Mark90 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 2 small comments, and can you bump the version from 2.2.0 to 2.3.0?

oauth2_lib/fastapi.py Outdated Show resolved Hide resolved
oauth2_lib/fastapi.py Outdated Show resolved Hide resolved
@Mark90
Copy link
Contributor

Mark90 commented Oct 22, 2024

@pboers1988 let's briefly wait with merging this, I want to run it through some tests in okteto on thursday

Mark90
Mark90 reviewed Oct 24, 2024
View reviewed changes
oauth2_lib/fastapi.py
Comment on lines -171 to -174
id_token_extractor: IdTokenExtractor | None = None,
):
if not id_token_extractor:
self.id_token_extractor = HttpBearerExtractor()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe keep the kwarg in __init__ and when a value is passed log a (deprecation) warning instead?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great spot by you (@Igoranze): if a custom id_token_extractor is passed then it's not actually assigned to self.id_token_extractor so authenticate() raises an AttributeError when trying to call it.

The only way this can have worked for others is if they override authenticate() as well. So, we don't need to worry about backwards compatibility

Mark90
Mark90 approved these changes Oct 24, 2024
View reviewed changes
Copy link
Contributor

@Mark90 Mark90 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice :)

torkashvand
torkashvand reviewed Oct 24, 2024
View reviewed changes
oauth2_lib/fastapi.py
if not extracted_id_token:
raise HTTPException(status_code=HTTP_403_FORBIDDEN, detail="Not authenticated")
if not token:
raise HTTPException(status_code=HTTP_403_FORBIDDEN, detail="Not authenticated")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you did this because the new WebSocket implementation passes the token in a header. Nice!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct :) And it no longer servers only for the websocket since that should not matter

@Igoranze Igoranze merged commit 0e3e5f4 into main Oct 24, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@torkashvand torkashvand torkashvand left review comments

@tjeerddie tjeerddie tjeerddie approved these changes

@pboers1988 pboers1988 pboers1988 approved these changes

@Mark90 Mark90 Mark90 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Igoranze @pboers1988 @torkashvand @Mark90 @tjeerddie