Implement OAuth device code flow #32

nathanthorpe · 2022-09-12T21:18:08Z

Implements the device code authorization flow allowing federated users / MFAd users to sign in, doesn't need your username and password.
pubweb-cli configure now asks you what authorization method you want
Allow user to cache their auth so they don't have to re-log in (uses refresh token)
Saves token info encrypted using Data Protection API, Keychain, or LibSecret depending on what OS you have
Refactor configuration class and default auth method initialization
Add lock around the get_token method and reuse Request Auth Wrapper
Add client information in user-agent header to track versions

…apper out for reuse, add lock on get_token

# Conflicts: # pubweb/__init__.py # pubweb/api/auth/iam.py # pubweb/api/auth/oauth_client.py # pubweb/api/auth/username.py # pubweb/api/clients/api.py # pubweb/api/clients/portal.py # pubweb/api/models/dataset.py # pubweb/api/models/file.py # pubweb/api/services/base.py # pubweb/api/services/file.py # pubweb/auth/__init__.py # pubweb/cli/controller.py # pubweb/models/project.py # setup.py

sminot

I wish I had more constructive things to add! From what little I can understand, it looks good to me.

sminot · 2022-11-29T19:49:58Z

pubweb/api/config.py

+class Constants:
+    home = os.environ.get('PW_HOME', '~/.pubweb')
+    config_path = Path(home, 'config.ini').expanduser()
+    default_base_url = "pubweb.cloud"


Should this be configurable as an environment variable?

sminot · 2022-11-29T19:50:55Z

pubweb/api/config.py

+        ini_config.read(str(Constants.config_path.absolute()))
+        main_config = ini_config['General']
+        auth_method = main_config.get('auth_method')
+        base_url = (os.environ.get('PW_BASE_URL') or


Oh I see, it is configurable here. I suppose I expected it to follow the same pattern as PW_HOME but now I see it doesn't need to

sminot · 2022-11-29T19:51:18Z

pubweb/api/config.py

+        self.auth_endpoint = f'https://api.{self.base_url}/auth'

+        try:
+            info_resp = requests.get(f'{self.rest_endpoint}/info/system')


We have a rest endpoint?

Yeah but it only has like 2 functions

sminot · 2022-11-29T19:52:14Z

setup.py

    "jsonschema>=4.6.1",
    "s3fs==0.4.2",
-    "fsspec==2022.10.0"
+    "fsspec==2022.10.0",


I keep having a hard time installing the package. Do the versions all have to be so explicitly hardcoded?

Ah ok yeah I'll fix that

shanosborne · 2022-11-29T20:41:39Z

pubweb/cli/controller.py

-from pubweb.api.config import AuthConfig, save_config, load_config
-from pubweb.file_utils import get_files_in_directory, check_dataset_files
+from pubweb.file_utils import check_dataset_files
+from pubweb.file_utils import get_files_in_directory


What was the reason for splitting these 2 imports apart?

no probably a merge artifact

nathanthorpe added 10 commits August 31, 2022 15:46

initial device code flow implementation

b6ebe2a

set up token cache for device code flow

0c54952

implment time out check

a1d9966

Merge branch 'main' into device_code_flow

a309bb1

progress

9b34eca

complete device code implementation

237dcf1

cleanup, refactor configuration for new auth methods, move request wr…

ed98aba

…apper out for reuse, add lock on get_token

add user agent header to api calls

6a75d74

add references bucket

bbe7a7a

allow automatically discovering iam creds

628d92e

nathanthorpe requested review from shanosborne and sminot September 13, 2022 14:10

nathanthorpe linked an issue Sep 14, 2022 that may be closed by this pull request

Allow authentication for federated users #2

Closed

nathanthorpe and others added 6 commits September 15, 2022 09:59

update configure question text

61e8144

update endpoint

6512499

change error message

e62380e

implement dynamic configuration from base url

6c134bf

Token should be a string for keystring persistence

ae85c72

override name in keychain

31507ea

nathanthorpe linked an issue Oct 21, 2022 that may be closed by this pull request

Dynamic configuration based on a BASE URL property #33

Closed

nathanthorpe added 4 commits November 7, 2022 15:56

merge fixes

4eef654

fix imports

377c7f9

set python version for sonar scan

8d0c7c3

sminot approved these changes Nov 29, 2022

View reviewed changes

shanosborne approved these changes Nov 29, 2022

View reviewed changes

nathanthorpe added 2 commits November 30, 2022 11:56

PR review comments, add environment vars to README

ea975ac

relax pip requirements

7f97243

nathanthorpe merged commit 5c87507 into main Nov 30, 2022

nathanthorpe deleted the device_code_flow branch November 30, 2022 20:48

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Implement OAuth device code flow #32

Implement OAuth device code flow #32

Uh oh!

nathanthorpe commented Sep 12, 2022 •

edited

Loading

Uh oh!

sminot left a comment

Uh oh!

sminot Nov 29, 2022

Uh oh!

sminot Nov 29, 2022

Uh oh!

sminot Nov 29, 2022

Uh oh!

nathanthorpe Nov 29, 2022

Uh oh!

sminot Nov 29, 2022

Uh oh!

nathanthorpe Nov 29, 2022

Uh oh!

shanosborne Nov 29, 2022

Uh oh!

nathanthorpe Nov 29, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Implement OAuth device code flow #32

Implement OAuth device code flow #32

Uh oh!

Conversation

nathanthorpe commented Sep 12, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

sminot left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

nathanthorpe commented Sep 12, 2022 •

edited

Loading