Support OAuth2 (client credentials flow) for Action Handlers #9265

Open
radicand opened this issue Dec 2, 2022 · 2 comments
Labels
k/enhancement New feature or improve an existing feature t/gql-services

Comments

@radicand
radicand commented Dec 2, 2022

Is your proposal related to a problem?

I have a number of cases where I'd like to use Actions to expose data and mutations from backend APIs that are secured with OAuth2 (client credentials flow). In order to make this work today, I need to write middleware services that essentially handle the OAuth handshake and proxy. This creates a hard-to-maintain sprawl of proxy services and tech debt.

Describe the solution you'd like

I could simplify the tech debt if Hasura could handle these backends secured by OAuth2 on its own. Today you can use request headers if your backend supports a header-based API key or a static Authorization header. It would be helpful to have Hasura accept a token endpoint, client ID, client secret, and scope variables and handle requesting the token (caching it / handling expiration), and using this when making a request to the backend REST API.

This would allow us to simplify our stack significantly and reduce tech debt.

Describe alternatives you've considered

The only other alternative I'm aware of is what we're already doing, which is to write a proxy that handles the OAuth handshake and proxies the data flow.

@radicand radicand added the k/enhancement New feature or improve an existing feature label Dec 2, 2022
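
The token handling requested in the issue above (token endpoint, client ID, client secret and scope, with caching and expiry), shown as an added example; it is not Hasura code and not code from this thread. The class name, the injected `post` transport, the 30-second refresh margin, the 60-second fallback lifetime and the `idp.example` values are assumptions, and the token endpoint in `demo()` is a constructed fake.

```python
import base64
import time
from urllib.parse import quote_plus, urlencode

class ClientCredentialsTokenCache:
    """Client-credentials grant (RFC 6749 section 4.4) with token caching."""

    def __init__(self, token_url, client_id, client_secret, scope, post,
                 clock=time.monotonic, skew=30):
        self.token_url, self.scope = token_url, scope
        # Assumed transport post(url, headers, body) -> dict; skew = early-refresh margin (s)
        self._post, self._clock, self._skew = post, clock, skew
        # RFC 6749 section 2.3.1: form-encode id and secret, send as HTTP Basic
        pair = quote_plus(client_id) + ":" + quote_plus(client_secret)
        self._basic = "Basic " + base64.b64encode(pair.encode()).decode()
        self._token, self._expires_at = None, 0.0

    def _fetch(self):
        headers = {"Authorization": self._basic,
                   "Content-Type": "application/x-www-form-urlencoded"}
        body = urlencode({"grant_type": "client_credentials", "scope": self.scope})
        reply = self._post(self.token_url, headers, body)
        if "access_token" not in reply or str(reply.get("token_type")).lower() != "bearer":
            # Report only the error code, never the request (it carries the secret)
            raise ValueError("token endpoint: %s" % reply.get("error", "bad response"))
        self._token = reply["access_token"]
        # expires_in is optional in the spec; assume a short lifetime if absent
        self._expires_at = self._clock() + float(reply.get("expires_in", 60))

    def authorization_header(self):
        # Reuse the cached token until it is within `skew` seconds of expiry
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            self._fetch()
        return {"Authorization": "Bearer " + self._token}

    def invalidate(self):  # call after the backend answers 401
        self._token = None

def demo():  # constructed run: fake token endpoint, fake clock
    now, calls = [0.0], []
    def fake_post(url, headers, body):
        calls.append((url, headers, body))
        return {"access_token": "tok-%d" % len(calls), "token_type": "Bearer", "expires_in": 300}
    cache = ClientCredentialsTokenCache("https://idp.example/oauth/token",
        "action-handler", "s3cr:et", "orders.read", fake_post, lambda: now[0])
    seen = []
    for t in (0.0, 200.0, 271.0):  # 271 s falls inside the 30 s refresh margin
        now[0] = t
        seen.append(cache.authorization_header()["Authorization"])
    return seen, calls
```

In a real proxy, `post` would be an HTTPS request to the token endpoint with certificate verification on, and the client secret would be read from a secret store rather than passed as a literal.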
@rahulagarwal13
Contributor

Hey @radicand - Thank you for submitting this feature request. We agree that this could help in simplifying your implementation and this is something we will consider on our roadmap. We do not have a timeline at present to provide you. Please continue to follow this GitHub issue to get notified of any update on this.

Would be curious to know if you are also using or interested in any of the other OAuth2 flows apart from client credentials?

@radicand
Author

> Would be curious to know if you are also using or interested in any of the other OAuth2 flows apart from client credentials?

Not at this time, as a server-to-server backend flow, client_credentials really makes the most sense.
