-
Notifications
You must be signed in to change notification settings - Fork 343
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refactor: define provider based on auth backends #4539
refactor: define provider based on auth backends #4539
Conversation
for more information, see https://pre-commit.ci
3d428ae
to
6170fd0
Compare
The URL of the deployed environment for this PR is https://argilla-quickstart-pr-4539-ki24f765kq-no.a.run.app |
Encryption algorithm for token data | ||
|
||
token_expiration_in_minutes: | ||
The session token expiration in minutes. Default=30000 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The session token expiration in minutes. Default=30000 | |
The session token expiration in minutes. Default=15 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is an old comment. I will update it.
api_key: str = await self.scheme(request) | ||
|
||
if not api_key: | ||
return None |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
api_key: str = await self.scheme(request) | |
if not api_key: | |
return None | |
api_key: str = await self.scheme(request) | |
if not api_key: | |
return None |
db = request.state.db | ||
user = await accounts.get_user_by_api_key(db, api_key=api_key) | ||
|
||
if not user: | ||
return None |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
db = request.state.db | |
user = await accounts.get_user_by_api_key(db, api_key=api_key) | |
if not user: | |
return None | |
user = await accounts.get_user_by_api_key(request.state.db, api_key=api_key) | |
if not user: | |
return None |
return None | ||
|
||
return AuthCredentials(["authenticated"]), UserInfo( | ||
username=user.username, name=user.full_name, role=user.role, identity=str(user.id) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
username=user.username, name=user.full_name, role=user.role, identity=str(user.id) | |
identity=str(user.id), username=user.username, name=user.full_name, role=user.role |
credentials = await self.scheme(request) | ||
|
||
if not credentials: | ||
return None |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
credentials = await self.scheme(request) | |
if not credentials: | |
return None | |
credentials = await self.scheme(request) | |
if not credentials: | |
return None |
if v is not None: | ||
return v | ||
return values["token_expiration_in_minutes"] * 60 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if v is not None: | |
return v | |
return values["token_expiration_in_minutes"] * 60 | |
if v is not None: | |
return v | |
return values["token_expiration_in_minutes"] * 60 |
secret_key: str = uuid4().hex | ||
algorithm: str = "HS256" | ||
|
||
token_expiration_in_minutes: int = 15 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a really small default expiration. Do we have any good reason to set such a small expiration time?
algorithm: str = "HS256" | ||
|
||
token_expiration_in_minutes: int = 15 | ||
token_expiration: Optional[int] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's a little bit confusing to have a token_expiration_in_minutes
and at the same time token_expiration
. I believe we should go for only token_expiration
(using seconds) to avoid unnecessary complex scenarios (for example specifying values to the two settings at the same time).
ea37b2a
to
ee4953c
Compare
3930b23
to
816ef60
Compare
for more information, see https://pre-commit.ci
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks fine to me (apart from the too small expiration time default value that we discussed).
…hub.com:argilla-io/argilla into refactor/define-provider-based-on-auth-backends
…4639) # Description I'm proposing to add a mention to the var `ARGILLA_AUTH_SECRET_KEY` introduced in #4539 to the `docker-compose`-related documentation in docs/_source/getting_started/installation/deployments/docker_compose.md As far as I am aware, that env var needs to be set in order to run the service in docker-compose. It's a small edit, I didn't create (yet) an issue for this. - [x] Documentation update **How Has This Been Tested** - [ ] `sphinx-autobuild` I didn't run sphinx! I had troubles w/ cloning, will update this as soon as I can **Checklist** - [x] I added relevant documentation - [ ] I followed the style guidelines of this project - [ ] I did a self-review of my code - [ ] I made corresponding changes to the documentation - [ ] My changes generate no new warnings - [ ] I filled out [the contributor form](https://tally.so/r/n9XrxK) (see text above) - [ ] I have added relevant notes to the `CHANGELOG.md` file (See https://keepachangelog.com/) --------- Co-authored-by: David Berenstein <david.m.berenstein@gmail.com>
Description
This PR is a refactor of the authentication provider. A new authentication provider is created based on the Starlette Authentication Backends. This change simplifies the auth. workflow and prepare incoming oauth integration.
Since the authentication backends should be used by the auth middleware component, the implementation done in this PR does not use it in that way since there are some problems exposing the db session at the middleware level (using global dependencies does not work).
Type of change
(Please delete options that are not relevant. Remember to title the PR according to the type of change)
How Has This Been Tested
(Please describe the tests that you ran to verify your changes. And ideally, reference
tests
)Running locally
Checklist
CHANGELOG.md
file (See https://keepachangelog.com/)