Add explicit support for User/PW, client credentials and Bearer token oidc auth flows #101

Merged
merged 24 commits into from
Jan 31, 2023

@dirkkul dirkkul commented Dec 1, 2022

… oidc auth flows

Before, you could use all (most?) oauth methods by creating an oauth2.NewClient as described in the docs. However, creating this client isn't straightforward and you need to supply configuration values that we can get automatically from the weaviate oidc configuration.
(Before looking into the code I wasn't aware that this includes authentication methods other than supplying a token).

This PR adds a new NewConfig function that creates an oauth2 client as part of the client configuration:

NewConfig(Host string, Scheme string, AuthConfig auth.Config, Headers map[string]string)

The possibilities for auth.Config are:

  • auth.BearerToken{AccessToken:*token*, ExpiresIn: *seconds*, RefreshToken:*token*}
  • auth.ResourceOwnerPasswordFlow{Username: *user*, Password: *pw*, scope:*scopes*}
  • auth.ClientCredentials{ClientSecret: *secret*, scopes: *scopes*}

To get a client with authentication enabled, use:

clientCredentialConf := auth.ResourceOwnerPasswordFlow{Username: "*user*", Password: "*pw*"}
cfg, err := weaviate.NewConfig("localhost:"+fmt.Sprint(WCSPort), "http", clientCredentialConf, nil)
client := weaviate.New(*cfg)

and without:

cfg, err := weaviate.NewConfig("localhost:"+fmt.Sprint(WCSPort), "http", nil, nil)
client := weaviate.New(*cfg)

There are tests that test authenticating with a local weaviate and WCS, Okta and Azure as authentication providers.

@dirkkul dirkkul force-pushed the more_auth_methods branch 9 times, most recently from 2fbd547 to 4d83f8a Compare December 1, 2022 14:13
@dirkkul dirkkul changed the title Add explicit support for User/PW, client credentials and Bearer token… Add explicit support for User/PW, client credentials and Bearer token oidc auth flows Dec 1, 2022
@dirkkul dirkkul force-pushed the more_auth_methods branch 2 times, most recently from f148701 to d531a08 Compare December 5, 2022 09:42
}

timeToSleep := token.Expiry.Sub(time.Now()) - time.Second/10
time.Sleep(timeToSleep)
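
Review bot: `timeToSleep` is zero or negative at `token.Expiry.Sub(time.Now()) - time.Second/10` whenever the token has less than 100 ms left or `Expiry` is the zero value, and `time.Sleep` then returns immediately, so if this sits in a refresh loop the identity provider can be hit back-to-back. Clamp the wait to a small minimum and handle a zero `Expiry` explicitly. `time.Sleep` also cannot be interrupted, so the goroutine has no way to exit when the client is discarded; a timer inside a `select` with a stop channel or context would fix that. `time.Until(token.Expiry)` is the idiomatic form of the subtraction.
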
Collaborator

I would suggest refactoring this goroutine to use channels with a ticker instead of sleep. It would also make the code a little bit more readable.

Collaborator Author

Refactored the goroutine a bit, please have another look.
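
One way the channel-based refresh loop discussed in this review thread could look, as an added example that is not the PR's code. It uses a one-shot `time.Timer` rather than a ticker because the wait changes with every token; `refreshLoop`, `nextDelay`, `minWait` and the `refresh` callback are hypothetical names, and a zero expiry is assumed to mean "does not expire".

```go
package main

import (
	"context"
	"fmt"
	"time"
)

const refreshMargin = time.Second / 10 // refresh this long before expiry (value from the reviewed lines)
const minWait = 10 * time.Millisecond  // assumed floor so a stale expiry cannot spin the loop

// nextDelay returns the wait before the next refresh; ok is false for a zero expiry (treated as non-expiring).
func nextDelay(expiry, now time.Time, margin, floor time.Duration) (d time.Duration, ok bool) {
	if expiry.IsZero() {
		return 0, false
	}
	if d = expiry.Sub(now) - margin; d < floor {
		d = floor
	}
	return d, true
}

// refreshLoop calls refresh (hypothetical callback returning the new expiry) shortly before each expiry.
// It stops on cancellation, refresh error or a non-expiring token, and returns the refresh count.
func refreshLoop(ctx context.Context, expiry time.Time, refresh func() (time.Time, error)) int {
	for n := 0; ; n++ {
		d, ok := nextDelay(expiry, time.Now(), refreshMargin, minWait)
		if !ok {
			return n
		}
		timer := time.NewTimer(d)
		select {
		case <-ctx.Done(): // client shut down: exit instead of sleeping on
			timer.Stop()
			return n
		case <-timer.C:
		}
		var err error
		if expiry, err = refresh(); err != nil {
			return n
		}
	}
}

func main() {
	ctx, cancel := context.WithTimeout(context.Background(), 300*time.Millisecond)
	defer cancel()
	again := func() (time.Time, error) { return time.Now().Add(150 * time.Millisecond), nil } // constructed lifetime
	fmt.Println("refreshes before cancel:", refreshLoop(ctx, time.Now().Add(150*time.Millisecond), again))
}
```
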

@parkerduckworth parkerduckworth merged commit 38d0af8 into main Jan 31, 2023
@parkerduckworth parkerduckworth deleted the more_auth_methods branch January 31, 2023 15:28