feat: FI-49 Add Mixpanel basic auth #14
Conversation
also parsed github oauth2 tokenResponse into proper json
Review or Edit in CodeSandboxOpen the branch in Web Editor • VS Code • Insiders |
There was a problem hiding this comment.
The purpose of this draft PR is to check if the general idea of the implementation of basic auth is correct; all the comments and docs were pasted over from existing files and are all wrong and should be ignored. I'll add docs and tests and linting and formatting after getting confirmation that the general idea is right...
| export type BasicAuthString = `basic-${string}`; | ||
|
|
||
| /** | ||
| * Represents the client credential for Basic HTTP Authentication. |
There was a problem hiding this comment.
I found that in OAuth2, ICredentials may not a good name, it should be like IClientCredentials or sth
There was a problem hiding this comment.
is IClientCredentials meant to be shared with other types of auth, like Basic Auth?
| * @property {number} [tokenRefreshBuffer] - Time in seconds before expiration to refresh the token. | ||
| * @property {{ [key: string]: string }} [callbackUriParams] - Optional additional parameters for the callback URI. | ||
| */ | ||
| export interface BasicAuthProvider { |
| * @property {string} callbackUri - The URI for the OAuth2 callback after authentication. | ||
| * @property {{ [key: string]: string }} [callbackUriParams] - Optional additional parameters for the callback URI. | ||
| */ | ||
| export interface BasicAuthConfig { |
There was a problem hiding this comment.
I found that name in OAuth may be confused, actually BasicAuthConfig cannot store pw and username
There was a problem hiding this comment.
The pw and username are the service account username and secret; I thought that's the credential we're supposed to put in .env (like the clientId and client secret of OAuth)? The authenticate() method basically just verifies it, and the verify() method retrieves an expiration date (generally service accounts don't expire so it would be null most of the time) and some other info. We should discuss it tmr, I'm a bit confused lol
There was a problem hiding this comment.
we will store PW and username in db, actually in OAuth 2, we still store credentials in db, however the interface name ICredential in OAuth is confused, I have made a new PR to change it
...ms/src/external-auth-integration/auth-providers/basic-auth/mixpanel/v1/mixpanel.v1.config.ts
Show resolved
Hide resolved
| authenticateUrl: "https://mixpanel.com/api/app/me", | ||
| verifyUrl: "https://mixpanel.com/api/app/organizations/{organizationId}/service-accounts", | ||
| }, | ||
| credential: { username: process.env.MIXPANEL_V1_BASIC_USERNAME, password: process.env.MIXPANEL_V1_BASIC_PASSWORD }, |
There was a problem hiding this comment.
rm credential: { username: process.env.MIXPANEL_V1_BASIC_USERNAME, password: process.env.MIXPANEL_V1_BASIC_PASSWORD }, as previous described
| * @param _accessToken | ||
| * @returns {Promise<any>} The response from the token verification endpoint. | ||
| */ | ||
| async verify(): Promise<BasicAuthVerificationResponse> { |
There was a problem hiding this comment.
Looks good, i am not sure why verify is calling authenticate again?
There was a problem hiding this comment.
it calls authenticate() for now to get organizationId (required parameter in verifyUrl); I was thinking maybe storing organizationId to Postgres after calling authenticate() for the first time; I wasn't sure if we've finished database integration... lmk what you think
There was a problem hiding this comment.
yes, we have db but it is not flexible. I am going to change recently
@core/cms/src/external-auth-integration/auth-providers/oauth2/github/v1/github.v1.service.ts
Show resolved
Hide resolved
|
@ybw0014 What do you think? |
ybw0014
left a comment
ybw0014
left a comment
There was a problem hiding this comment.
resolve merge conflicts
ybw0014
left a comment
ybw0014
left a comment
There was a problem hiding this comment.
The username and password should be provided by the user. They should be passed to authenticate(), and we really need to rewrite this method to include DTO, that carries required info.
For oauth providers, the dto only need to have the userId.
For basic auth providers, the dto also need to have the username and password.
And for the future access key, the dto need to have the access key.
| @@ -8,18 +8,24 @@ import { CreateCredentialDto } from "./database-integration/dto/create-credentia | |||
| import { ValidateCredentialPipe } from "./common/pipes/validate-credential.pipe"; | |||
| import { ExternalAuthIntegrationService } from "./external-auth-integration/external-auth-integration.service"; | |||
|
|
|||
| import { BasicAuthString } from "~/external-auth-integration/auth-providers/basic-auth/@types"; | ||
|
|
||
| export class BasicAuthVerifyDto { | ||
| providerKey: BasicAuthString; | ||
| } |
There was a problem hiding this comment.
can just extend BasicAuthDto to reduce duplicated code
| /** | ||
| * This interface represents an OAuth 2.0 provider. | ||
| */ | ||
| export interface IBasicAuth { | ||
| /** | ||
| * Returns the authentication URL for the OAuth provider. | ||
| */ | ||
| authenticate(): Promise<any>; | ||
|
|
||
| /** | ||
| * Verify the access token. | ||
| * However, the OAuth 2.0 spec (RFC 6749) doesn't clearly define the interaction between a Resource Server (RS) and Authorization Server (AS) for access token (AT) validation. | ||
| * @param accessToken The access token. | ||
| */ | ||
| verify?(): Promise<any>; | ||
| } |
3 participants
Describe your changes
(haven't encrypted yet, will do later)
(will add/update docs and tests after a preliminary review)
Issue ticket number and link
FI-49
https://catting.atlassian.net/browse/FI-49?atlOrigin=eyJpIjoiNDk0ZDhiOGQ2ZGQyNDc2MjlhZDA1MWQwMGQ3YTUxYmYiLCJwIjoiaiJ9
Checklist before requesting a review