-
Notifications
You must be signed in to change notification settings - Fork 4.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Modify oauthSpecification to allow working with oneOfs #6456
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sherifnada @ChristopheDuong why do we need a rootObject
field? why not just use the fully qualified path in oauthFlowInitParameters
and oauthFlowOutputParameters
. you've structured those fields as arrays of arrays anyway.
the root object is enforcing that all oauth params have a common parent. Effectively it helps the UI know when to show the oauth button in case auth lives inside a oneOf block @sherifnada , do we need to publish changes to protocol in some docker images?
|
What
While working on oauth UI/BE interface, we realized the current
authSpecification
block is insufficiently expressive to encode situations where the oauth credentials live inside aoneOf
block. For example, if there is aoneOf
block like the following:Then the current
authSpecification
primitive:has some problems:
oneOf
(or any combination keyword). For example, if there are two slightly different oauth blocks inside aoneOf
(e.g: if one can be obtained via the Oauth webflow and the other via an oauth playground that doesn't require a developer app) then there can be name collisions that make it impossible to know when the UI should display the "authorize" button or not.This leaves us with a few options:
oneOf
case now via one of the following optionsconnectionSpecification
directly e.g:rootObject
which tells us which object contains the oauth logic. This way, if the object is ever used inside aoneOf
then a UI understands that when this object is selected, the "authorize" button should be shown.The tradeoffs between the approaches are:
I'm honestly not sure exactly what the right solution is. I like inlining for the reason mentioned above (more natural way to express things). But
at the same time, inlining doesn't actually give us multiple auth mechanisms (the assumptions baked in the API/UI are that there is only ever one oauth implementation) so it's probably not worth completely changing course to half-implement a feature. Since all of these are two way doors so I'm choosing something and we'll probably have to come back to adjust it in the future.
How
This PR Takes approach 2.ii
Recommended reading order
config.yaml
/airbyte_protocol.yaml
(they're the same change expressed in both the protocol and the API layer)