You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have a number of cases where I'd like to use Actions to expose data and mutations from backend APIs that are secured with OAuth2 (client credentials flow). In order to make this work today, I need to write middleware services that essentially handle the OAuth handshake and proxy. This creates a hard to maintain sprawl of proxy services and tech debt.
Describe the solution you'd like
I could simplify the tech debt if Hasura could handle these backends secured by OAuth2 on its own. Today you can use request headers if your backend supports a header-based API key or a static Authorization header. It would be helpful to have Hasura accept a token endpoint, client ID, client secret, and scope variables and handle requesting the token (caching it / handling expiration), and using this when making a request to the backend REST API.
This would allow us to simplify our stack significantly and reduce tech debt.
Describe alternatives you've considered
The only other alternative I'm aware of is what we're already doing, which is to write a proxy that handles the OAuth handshake and proxies the data flow.
The text was updated successfully, but these errors were encountered:
Hey @radicand - Thank you for submitting this feature request. We agree that this could help in simplifying your implementation and this is something we will consider on our roadmap. We do not have a timeline at present to provide you. Please continue to follow this Github issue to get notified of any update on this.
Would be curious to know if you are also using or interested in any of the other OAuth2 flows apart from client credentials?
Is your proposal related to a problem?
I have a number of cases where I'd like to use Actions to expose data and mutations from backend APIs that are secured with OAuth2 (client credentials flow). In order to make this work today, I need to write middleware services that essentially handle the OAuth handshake and proxy. This creates a hard to maintain sprawl of proxy services and tech debt.
Describe the solution you'd like
I could simplify the tech debt if Hasura could handle these backends secured by OAuth2 on its own. Today you can use request headers if your backend supports a header-based API key or a static Authorization header. It would be helpful to have Hasura accept a token endpoint, client ID, client secret, and scope variables and handle requesting the token (caching it / handling expiration), and using this when making a request to the backend REST API.
This would allow us to simplify our stack significantly and reduce tech debt.
Describe alternatives you've considered
The only other alternative I'm aware of is what we're already doing, which is to write a proxy that handles the OAuth handshake and proxies the data flow.
The text was updated successfully, but these errors were encountered: