Skip to content

Commit

Permalink
Add auth config to oauth api (#7798)
Browse files Browse the repository at this point in the history
* Change OAuth API

* Change protocol for new OAuth Spec (#7827)

* Add examples

* Add protocol object to api too

Co-authored-by: Sherif A. Nada <snadalive@gmail.com>
  • Loading branch information
ChristopheDuong and sherifnada authored Nov 15, 2021
1 parent 3a0eaaf commit cdb476e
Show file tree
Hide file tree
Showing 7 changed files with 395 additions and 33 deletions.
3 changes: 3 additions & 0 deletions airbyte-api/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ task generateApiServer(type: GenerateTask) {
modelPackage = "io.airbyte.api.model"

importMappings = [
'OAuthConfiguration' : 'com.fasterxml.jackson.databind.JsonNode',
'SourceDefinitionSpecification' : 'com.fasterxml.jackson.databind.JsonNode',
'SourceConfiguration' : 'com.fasterxml.jackson.databind.JsonNode',
'DestinationDefinitionSpecification': 'com.fasterxml.jackson.databind.JsonNode',
Expand Down Expand Up @@ -55,6 +56,7 @@ task generateApiClient(type: GenerateTask) {
modelPackage = "io.airbyte.api.client.model"

importMappings = [
'OAuthConfiguration' : 'com.fasterxml.jackson.databind.JsonNode',
'SourceDefinitionSpecification' : 'com.fasterxml.jackson.databind.JsonNode',
'SourceConfiguration' : 'com.fasterxml.jackson.databind.JsonNode',
'DestinationDefinitionSpecification': 'com.fasterxml.jackson.databind.JsonNode',
Expand Down Expand Up @@ -87,6 +89,7 @@ task generateApiDocs(type: GenerateTask) {
modelPackage = "io.airbyte.api.client.model"

importMappings = [
'OAuthConfiguration' : 'com.fasterxml.jackson.databind.JsonNode',
'SourceDefinitionSpecification' : 'com.fasterxml.jackson.databind.JsonNode',
'SourceConfiguration' : 'com.fasterxml.jackson.databind.JsonNode',
'DestinationDefinitionSpecification': 'com.fasterxml.jackson.databind.JsonNode',
Expand Down
127 changes: 124 additions & 3 deletions airbyte-api/src/main/openapi/config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -1311,7 +1311,7 @@ paths:
content:
application/json:
schema:
$ref: "#/components/schemas/CompleteOauthResponse"
$ref: "#/components/schemas/CompleteOAuthResponse"
"404":
$ref: "#/components/responses/NotFoundResponse"
"422":
Expand Down Expand Up @@ -1357,7 +1357,7 @@ paths:
content:
application/json:
schema:
$ref: "#/components/schemas/CompleteOauthResponse"
$ref: "#/components/schemas/CompleteOAuthResponse"
"404":
$ref: "#/components/responses/NotFoundResponse"
"422":
Expand Down Expand Up @@ -2066,6 +2066,8 @@ components:
$ref: "#/components/schemas/SourceDefinitionSpecification"
authSpecification:
$ref: "#/components/schemas/SourceAuthSpecification"
advancedAuth:
$ref: "#/components/schemas/AdvancedAuth"
jobInfo:
$ref: "#/components/schemas/SynchronousJobRead"
# SOURCE
Expand Down Expand Up @@ -2268,6 +2270,8 @@ components:
$ref: "#/components/schemas/DestinationDefinitionSpecification"
authSpecification:
$ref: "#/components/schemas/DestinationAuthSpecification"
advancedAuth:
$ref: "#/components/schemas/AdvancedAuth"
jobInfo:
$ref: "#/components/schemas/SynchronousJobRead"
supportedDestinationSyncModes:
Expand Down Expand Up @@ -3227,6 +3231,115 @@ components:
items:
$ref: "#/components/schemas/DbMigrationRead"
# OAuth
OAuthConfiguration:
description: OAuth specific blob.
OAuthInputConfiguration:
description: The values required to configure OAuth flows.
The schema for this must match the `OAuthConfigSpecification.oauthUserInputFromConnectorConfigSpecification` schema.
$ref: "#/components/schemas/OAuthConfiguration"
AdvancedAuth:
type: object
properties:
authFlowType:
type: string
enum: ["oauth2.0", "oauth1.0"]
predicateKey:
description: Json Path to a field in the connectorSpecification that should exist for the advanced auth to be applicable.
type: array
items:
type: string
predicateValue:
description: Value of the predicate_key fields for the advanced auth to be applicable.
type: string
oauthConfigSpecification:
"$ref": "#/components/schemas/OAuthConfigSpecification"
OAuthConfigSpecification:
type: object
properties:
oauthUserInputFromConnectorConfigSpecification:
description: |-
OAuth specific blob. This is a Json Schema used to validate Json configurations used as input to OAuth.
Must be a valid non-nested JSON that refers to properties from ConnectorSpecification.connectionSpecification
using special annotation 'path_in_connector_config'.
These are input values the user is entering through the UI to authenticate to the connector, that might also shared
as inputs for syncing data via the connector.
Examples:
if no connector values is shared during oauth flow, oauth_user_input_from_connector_config_specification=[]
if connector values such as 'app_id' inside the top level are used to generate the API url for the oauth flow,
oauth_user_input_from_connector_config_specification={
app_id: {
type: string
path_in_connector_config: ['app_id']
}
}
if connector values such as 'info.app_id' nested inside another object are used to generate the API url for the oauth flow,
oauth_user_input_from_connector_config_specification={
app_id: {
type: string
path_in_connector_config: ['info', 'app_id']
}
}
$ref: "#/components/schemas/OAuthConfiguration"
completeOAuthOutputSpecification:
description: |-
OAuth specific blob. This is a Json Schema used to validate Json configurations produced by the OAuth flows as they are
returned by the distant OAuth APIs.
Must be a valid JSON describing the fields to merge back to `ConnectorSpecification.connectionSpecification`.
For each field, a special annotation `path_in_connector_config` can be specified to determine where to merge it,
Examples:
complete_oauth_output_specification={
refresh_token: {
type: string,
path_in_connector_config: ['credentials', 'refresh_token']
}
}
$ref: "#/components/schemas/OAuthConfiguration"
completeOAuthServerInputSpecification:
description: |-
OAuth specific blob. This is a Json Schema used to validate Json configurations persisted as Airbyte Server configurations.
Must be a valid non-nested JSON describing additional fields configured by the Airbyte Instance or Workspace Admins to be used by the
server when completing an OAuth flow (typically exchanging an auth code for refresh token).
Examples:
complete_oauth_server_input_specification={
client_id: {
type: string
},
client_secret: {
type: string
}
}
$ref: "#/components/schemas/OAuthConfiguration"
completeOAuthServerOutputSpecification:
description: |-
OAuth specific blob. This is a Json Schema used to validate Json configurations persisted as Airbyte Server configurations that
also need to be merged back into the connector configuration at runtime.
This is a subset configuration of `complete_oauth_server_input_specification` that filters fields out to retain only the ones that
are necessary for the connector to function with OAuth. (some fields could be used during oauth flows but not needed afterwards, therefore
they would be listed in the `complete_oauth_server_input_specification` but not `complete_oauth_server_output_specification`)
Must be a valid non-nested JSON describing additional fields configured by the Airbyte Instance or Workspace Admins to be used by the
connector when using OAuth flow APIs.
These fields are to be merged back to `ConnectorSpecification.connectionSpecification`.
For each field, a special annotation `path_in_connector_config` can be specified to determine where to merge it,
Examples:
complete_oauth_server_output_specification={
client_id: {
type: string,
path_in_connector_config: ['credentials', 'client_id']
},
client_secret: {
type: string,
path_in_connector_config: ['credentials', 'client_secret']
}
}
$ref: "#/components/schemas/OAuthConfiguration"
SourceOauthConsentRequest:
type: object
required:
Expand All @@ -3241,6 +3354,8 @@ components:
redirectUrl:
description: The url to redirect to after getting the user consent
type: string
oAuthInputConfiguration:
$ref: "#/components/schemas/OAuthInputConfiguration"
DestinationOauthConsentRequest:
type: object
required:
Expand All @@ -3255,6 +3370,8 @@ components:
redirectUrl:
description: The url to redirect to after getting the user consent
type: string
oAuthInputConfiguration:
$ref: "#/components/schemas/OAuthInputConfiguration"
OAuthConsentRead:
type: object
required:
Expand All @@ -3279,6 +3396,8 @@ components:
description: The query parameters present in the redirect URL after a user granted consent e.g auth code
type: object
additionalProperties: true # Oauth parameters like code, state, etc.. will be different per API so we don't specify them in advance
oAuthInputConfiguration:
$ref: "#/components/schemas/OAuthInputConfiguration"
CompleteDestinationOAuthRequest:
type: object
required:
Expand All @@ -3296,7 +3415,9 @@ components:
description: The query parameters present in the redirect URL after a user granted consent e.g auth code
type: object
additionalProperties: true # Oauth parameters like code, state, etc.. will be different per API so we don't specify them in advance
CompleteOauthResponse:
oAuthInputConfiguration:
$ref: "#/components/schemas/OAuthInputConfiguration"
CompleteOAuthResponse:
type: object
additionalProperties: true # Oauth parameters like refresh/access token etc.. will be different per API so we don't specify them in advance
SetInstancewideSourceOauthParamsRequestBody:
Expand Down
69 changes: 55 additions & 14 deletions airbyte-cdk/python/airbyte_cdk/models/airbyte_protocol.py
Original file line number Diff line number Diff line change
Expand Up @@ -113,23 +113,28 @@ class AuthSpecification(BaseModel):
)


class ConnectorSpecification(BaseModel):
class Config:
extra = Extra.allow
class AuthFlowType(Enum):
oauth1_0 = "oauth1.0"
oauth2_0 = "oauth2.0"

documentationUrl: Optional[AnyUrl] = None
changelogUrl: Optional[AnyUrl] = None
connectionSpecification: Dict[str, Any] = Field(
...,
description="ConnectorDefinition specific blob. Must be a valid JSON string.",

class OAuthConfigSpecification(BaseModel):
oauth_user_input_from_connector_config_specification: Optional[Dict[str, Any]] = Field(
None,
description="OAuth specific blob. This is a Json Schema used to validate Json configurations used as input to OAuth.\nMust be a valid non-nested JSON that refers to properties from ConnectorSpecification.connectionSpecification\nusing special annotation 'path_in_connector_config'.\nThese are input values the user is entering through the UI to authenticate to the connector, that might also shared\nas inputs for syncing data via the connector.\n\nExamples:\n\nif no connector values is shared during oauth flow, oauth_user_input_from_connector_config_specification=[]\nif connector values such as 'app_id' inside the top level are used to generate the API url for the oauth flow,\n oauth_user_input_from_connector_config_specification={\n app_id: {\n type: string\n path_in_connector_config: ['app_id']\n }\n }\nif connector values such as 'info.app_id' nested inside another object are used to generate the API url for the oauth flow,\n oauth_user_input_from_connector_config_specification={\n app_id: {\n type: string\n path_in_connector_config: ['info', 'app_id']\n }\n }",
)
supportsIncremental: Optional[bool] = Field(None, description="If the connector supports incremental mode or not.")
supportsNormalization: Optional[bool] = Field(False, description="If the connector supports normalization or not.")
supportsDBT: Optional[bool] = Field(False, description="If the connector supports DBT or not.")
supported_destination_sync_modes: Optional[List[DestinationSyncMode]] = Field(
None, description="List of destination sync modes supported by the connector"
complete_oauth_output_specification: Optional[Dict[str, Any]] = Field(
None,
description="OAuth specific blob. This is a Json Schema used to validate Json configurations produced by the OAuth flows as they are\nreturned by the distant OAuth APIs.\nMust be a valid JSON describing the fields to merge back to `ConnectorSpecification.connectionSpecification`.\nFor each field, a special annotation `path_in_connector_config` can be specified to determine where to merge it,\n\nExamples:\n\n complete_oauth_output_specification={\n refresh_token: {\n type: string,\n path_in_connector_config: ['credentials', 'refresh_token']\n }\n }",
)
complete_oauth_server_input_specification: Optional[Dict[str, Any]] = Field(
None,
description="OAuth specific blob. This is a Json Schema used to validate Json configurations persisted as Airbyte Server configurations.\nMust be a valid non-nested JSON describing additional fields configured by the Airbyte Instance or Workspace Admins to be used by the\nserver when completing an OAuth flow (typically exchanging an auth code for refresh token).\n\nExamples:\n\n complete_oauth_server_input_specification={\n client_id: {\n type: string\n },\n client_secret: {\n type: string\n }\n }",
)
complete_oauth_server_output_specification: Optional[Dict[str, Any]] = Field(
None,
description="OAuth specific blob. This is a Json Schema used to validate Json configurations persisted as Airbyte Server configurations that\nalso need to be merged back into the connector configuration at runtime.\nThis is a subset configuration of `complete_oauth_server_input_specification` that filters fields out to retain only the ones that\nare necessary for the connector to function with OAuth. (some fields could be used during oauth flows but not needed afterwards, therefore\nthey would be listed in the `complete_oauth_server_input_specification` but not `complete_oauth_server_output_specification`)\nMust be a valid non-nested JSON describing additional fields configured by the Airbyte Instance or Workspace Admins to be used by the\nconnector when using OAuth flow APIs.\nThese fields are to be merged back to `ConnectorSpecification.connectionSpecification`.\nFor each field, a special annotation `path_in_connector_config` can be specified to determine where to merge it,\n\nExamples:\n\n complete_oauth_server_output_specification={\n client_id: {\n type: string,\n path_in_connector_config: ['credentials', 'client_id']\n },\n client_secret: {\n type: string,\n path_in_connector_config: ['credentials', 'client_secret']\n }\n }",
)
authSpecification: Optional[AuthSpecification] = None


class AirbyteStream(BaseModel):
Expand Down Expand Up @@ -174,6 +179,42 @@ class Config:
)


class AdvancedAuth(BaseModel):
auth_flow_type: Optional[AuthFlowType] = None
predicate_key: Optional[List[str]] = Field(
None,
description="Json Path to a field in the connectorSpecification that should exist for the advanced auth to be applicable.",
)
predicate_value: Optional[str] = Field(
None,
description="Value of the predicate_key fields for the advanced auth to be applicable.",
)
oauth_config_specification: Optional[OAuthConfigSpecification] = None


class ConnectorSpecification(BaseModel):
class Config:
extra = Extra.allow

documentationUrl: Optional[AnyUrl] = None
changelogUrl: Optional[AnyUrl] = None
connectionSpecification: Dict[str, Any] = Field(
...,
description="ConnectorDefinition specific blob. Must be a valid JSON string.",
)
supportsIncremental: Optional[bool] = Field(None, description="If the connector supports incremental mode or not.")
supportsNormalization: Optional[bool] = Field(False, description="If the connector supports normalization or not.")
supportsDBT: Optional[bool] = Field(False, description="If the connector supports DBT or not.")
supported_destination_sync_modes: Optional[List[DestinationSyncMode]] = Field(
None, description="List of destination sync modes supported by the connector"
)
authSpecification: Optional[AuthSpecification] = Field(None, description="deprecated, switching to advanced_auth instead")
advanced_auth: Optional[AdvancedAuth] = Field(
None,
description="Additional and optional specification object to describe what an 'advanced' Auth flow would need to function.\n - A connector should be able to fully function with the configuration as described by the ConnectorSpecification in a 'basic' mode.\n - The 'advanced' mode provides easier UX for the user with UI improvements and automations. However, this requires further setup on the\n server side by instance or workspace admins beforehand. The trade-off is that the user does not have to provide as many technical\n inputs anymore and the auth process is faster and easier to complete.",
)


class AirbyteCatalog(BaseModel):
class Config:
extra = Extra.allow
Expand Down
Loading

0 comments on commit cdb476e

Please sign in to comment.