Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A few questions on OAuth and Airbyte Enterprise #79

Open
dschiavu opened this issue May 14, 2024 · 2 comments
Open

A few questions on OAuth and Airbyte Enterprise #79

dschiavu opened this issue May 14, 2024 · 2 comments

Comments

@dschiavu
Copy link

Hi,

A few questions:

Can this SDK be used against non-Cloud version of Airbyte, i.e. Airbyte OSS and Airbyte Enterprise?

I have noticed there is support for overriding the Airbase API base URL, but I don't see any support for OAuth, as used in the on-premise Airbyte Enterprise version.

Thanks,
Dan
@dschiavu
Copy link
Author

dschiavu commented May 15, 2024
edited
Loading

Following up on this one:

I can see now OAuth among the list of supported auth methods here: https://github.com/airbytehq/airbyte-api-python-sdk#per-client-security-schemes

However, I can't find any models.SchemeOAuth2 (as there is models.SchemeBasicAuth for HTTP Basic Auth, for example) to be able to pass the client credentials? Is OAuth actually supported as of now, or not fully yet?

Thanks,
Dan

@dschiavu
Copy link
Author

dschiavu commented May 16, 2024
edited
Loading

So, I've stepped thought the SDK code and realised there is no support there yet for the OAuth2 Client Credentials flow.

I did notice that the SDK will accept any Bearer token passed into the client_credentials parameter and append it to all the requests in their Authorization: Bearer <access_token HTTP header, however.

For example:

            self.client = airbyte_api.AirbyteAPI(
                server_url=server_url,
                security=models.Security(client_credentials=access_token)
            )

This is good, as I was able to retrieve the access_token myself using some custom code (a very simple operation), and simply pass it into the client, thus enabling me to use this SDK against my Airbyte Enterprise locally deployed instance, which uses OAuth2 authentication for its API.

This works, however other than the code looking very strange, it would be nice to have full OAuth2 support implemented in the SDK - not just the client_credentials flow, but also flow features such as the token refresh endpoint and similar. To implement this, and akin to the HttpBasicScheme, I'd suggest adding an OAuth2ClientCredentialsScheme data class, with fields such as tokenEndpoint, clientId, clientSecret, tokenRefreshEndpoint and similar, and then doing the OAuth2 Client Credentials flow dance in the SDK itself, including checking for the access token validity and refreshing it periodically, as needed.

So far, the default Airbyte Enterprise access token validity time is 10 hours, which works for me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dschiavu