✨ Source Facebook-Marketing: Add Selectable Auth #37625
Conversation
…anges to solve build issues, and changes to solve unit testing issues.
…e config. Updated version to reflect Airbyte versioning standard (this use case is a major version upgrade due to configuration of credentials needed to be changed)
…ebook-marketing-selectable-auth
…ebook-marketing-selectable-auth' into JohnMikkelsonOvative/feature-facebook-marketing-selectable-auth
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
JohnMikkelsonOvative
had a problem deploying
to
community-ci
GitHub Actions
Error
|
|
octavia-squidington-iii
added
area/connectors
|
During the migration to |
…eting-selectable-auth
JohnMikkelsonOvative
had a problem deploying
to
community-ci
GitHub Actions
Error
…eting-selectable-auth
marcosmarxm
had a problem deploying
to
community-ci
GitHub Actions
Failure
There was a problem hiding this comment.
Thanks for the contribution @JohnMikkelsonOvative. It was added to the Connector team backlog and it will be reviewed in future sprint. I'll check with the project manager a timeline to make aware, ask your patience until the moment of the review. As this impact in a critical connector the review can take some time and have some back and forward, the goal is to introduce new features with the lower impact possible. In any time, feel free to reach me out in Slack or ping here to get update about the review process.
| @@ -95,7 +95,10 @@ def check_connection(self, logger: logging.Logger, config: Mapping[str, Any]) -> | |||
| if config.start_date and config.end_date < config.start_date: | |||
| return False, "End date must be equal or after start date." | |||
|
|
|||
| api = API(access_token=config.access_token, page_size=config.page_size) | |||
| if config.credentials.auth_type == 'Client': | |||
There was a problem hiding this comment.
Just small suggestion is to use maybe Enum class to represent the auth type value.
| @@ -2,5 +2,8 @@ | |||
| "start_date": "2020-09-25T00:00:00Z", | |||
| "end_date": "2021-01-01T00:00:00Z", | |||
| "account_id": "<YOUR_ACCOUNT_ID_HERE>", | |||
| "access_token": "<YOUR_TOKEN_HERE>" | |||
| "credentials": { | |||
There was a problem hiding this comment.
- This change will be a breaking change for all of the existing customers.
- We should use the
config migrationto allow the existing Customers to continue using the existing credentials rather than forcing everyone to upgrade. - This will also touch the way the
OAuth2.0works now, because it returns the obtained credentials to the root of theconfig, here, thus this method should be removed from the flow because thedefaultmethod returns the obtainedaccess_token/refresh_tokenunder thecredentialsobject, which is exactly what the new flow will require.
| oauth_config_specification=OAuthConfigSpecification( | ||
| complete_oauth_output_specification={ | ||
| "type": "object", | ||
| "properties": { | ||
| "access_token": { | ||
| "type": "string", | ||
| "path_in_connector_config": ["access_token"], | ||
| "path_in_connector_config": ["credentials", "access_token"], |
There was a problem hiding this comment.
There is no backward compatibility for the existing Customers, we should be able to handle the access_token from the root level of the config, alongside the new credentials.access_token path.
| @@ -95,7 +95,10 @@ def check_connection(self, logger: logging.Logger, config: Mapping[str, Any]) -> | |||
| if config.start_date and config.end_date < config.start_date: | |||
| return False, "End date must be equal or after start date." | |||
|
|
|||
| api = API(access_token=config.access_token, page_size=config.page_size) | |||
| if config.credentials.auth_type == 'Client': | |||
| api = API(access_token=config.credentials.refresh_token, page_size=config.page_size) | |||
There was a problem hiding this comment.
Why the refresh_token is addressed here? Where we use it in the code?
There was a problem hiding this comment.
The OAuth flow, will return the access_token only.
Based on this line of code
| @@ -25,7 +25,10 @@ class ConfigBuilder: | |||
| def __init__(self) -> None: | |||
| self._config: MutableMapping[str, Any] = { | |||
| "account_ids": [ACCOUNT_ID], | |||
| "access_token": ACCESS_TOKEN, | |||
| "credentials": { | |||
There was a problem hiding this comment.
There is no need to replace the tests, but extend them with the new functionality, using parametrized test case. With this changes, we loose the backward compatibility tests for the existing Customers.
| description="Client Secret for the Facebook Marketing API", | ||
| airbyte_secret=True, | ||
| ) | ||
| refresh_token: str = Field( |
There was a problem hiding this comment.
The OAuth2.0 Flow doesn't return the refresh_token, could you please refer to the official doc, where this is possible? Thank you.
There was a problem hiding this comment.
Requesting changes, because this change will break the existing Customers.
The path should look like this:
- Support both
oldandnewway of authentication to cover the existing Customers - Write the test cases for both scenarios
- Make it possible to migrate existing customers to use the
newway of authentication by applying theconfig migration, see the example in the/config_migrations.py - Release this update (at this point, all existing Customers are covered with the config_migration, this will allow to win the time, before we update the OAuth Flow for the platform side, here by removing this method.
- Done; the platform will return the
access_tokenback to thecredentials.access_tokenas expected after point4is released, which means we are good to go with the new authentication way of things.
|
@bazarnov For my personal knowledge, what does removing getDefaultOAuthOutputPath do? It is also deprecated in the interface which seems like we should move away from that |
You've looked to the wrong place, see this |
|
We can safely move away from using this method, once the |
|
Note that this method is in |
We can add the existing method from the base class to all of the other Facebook-related OAuth flows to keep them running |
|
@cmm-airbyte Could you please fix the conflicts and ensure we pass the CAT successfully before this is finally approved? Thanks. UPDATE: dismiss this comment, because I missed the fact we work on this within another PR: #38304 |
What
The Source Facebook Marketing Connector does not allow for choosing between providing an access token or using oauth, it only allows for users to define a source connection by following an oauth flow. This does not allow for use-cases in which a large organization may provision an access token to be used to authenticate to the Facebook Marketing data, rather than giving a user's personal Facebook account access.
How
The
specdefines acredentialsfield that is a union between newly createdOAuthCredentialsandServiceAccountCredentials. This allows for the user to select between using the Oauth flow and inserting Service Account Credentials.Review guide
User Impact
The user is able to select between using the Oauth flow and inserting Service Account Credentials when setting up the Facebook Marketing Source.
Can this PR be safely reverted and rolled back?