Implement automated authorization flow on API page #423
Comments
set orcid redirect to |
I don't think this would simply work how we want it to work, because I think the Swagger UI's POST to the I think we'll need to modify the Swagger UI payload ("hydrate" it, if you will) to e.g. look for a set cookie and to use the cookie to feed its front-end authorization process. |
From https://fastapi.tiangolo.com/how-to/configure-swagger-ui/, it seems that reconfiguring the |
@cferdinandi can you look into a solution for this? It amounts to implementing a generic way for Swagger UI's HTML response (a generated Swagger UI page for a dev instance of this project to which a GitHub Action continuously deploys the |
Should this be consolidated with #428 ? |
@cferdinandi I sent you an invite to my "NMDC Dev" org on gitpod.io (this repo has .gitpod.* init files). I think this will be the quickest way to dive in. |
@shreddd just sent you an invite too for good measure, in case you're curious (but the resource requirements are well within their free plan). |
Thanks @dwinston , got it! Not really sure what to do next, but I assume more details will follow! |
@cferdinandi I think I want https://swagger.io/docs/specification/authentication/cookie-authentication/ , which is not implemented in Swagger UI because swagger-api/swagger-js#1163 , but our case fits with this comment (swagger-api/swagger-js#1163 (comment)), so I'm hoping you can prepare a new javascript file to pass to fastapi's so strictly speaking, you do not need to replicate/spin-up the nmdc-runtime environment -- you can set up a toy e.g. nodejs project for this. |
@dwinston Gotcha, so this is a generic component, decoupled from the specific project at the moment? If so, I'm on it! |
@dwinston Ok, looking into this a bit more... I think I'm missing some context. The general task is straightforward: get cookie, send with request. But to implement this in the context in which you're using it, it would be immensely helpful to have an actual working environment to start with and some details on how to actually replicate the current state. From re-reading this a few times, it seems like there are some specifics to your setup that matter. Calling the Fast API, how the auth token is actually returned, if it's currently set in some way or not, whether or not JS can access it, etc. How can we get a working environment setup? |
@dwinston it looks like setting I tried searching the code base for a SwaggerUI config but couldn’t find anything. More details here: https://swagger.io/docs/open-source-tools/swagger-ui/usage/configuration/ |
@cferdinandi this looks very promising. And here I was looking to save 1 hour of reading documentation with 4 hours of coding. 🙂 So it could be sufficient to:
And thus, after successful orcid auth, a user should see a refresh of the swagger UI where it has recognized authentication via the same-origin cookie. @PeopleMakeCulture go ahead and take a crack at this. |
example orcid-response-to-set-cookie-and-redirect: https://github.com/polyneme/helioweb/blob/cfabd76a3f683fc80601b160555a87973f0820ca/src/helioweb/ui/main.py#L81 |
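Added example, not part of the thread or of the nmdc-runtime code: the set-cookie-and-redirect response discussed above, built with the Python standard library, together with an API-side lookup that accepts the token from an Authorization header or from the same-origin cookie. The cookie name, lifetime, the `/docs` path, the lower-cased header dict and the choice of an HttpOnly cookie (sent by the browser, not read by page script) are assumptions.

```python
from http.cookies import SimpleCookie
from typing import Optional

COOKIE_NAME = "user_id_token"  # hypothetical cookie name
MAX_AGE_SECONDS = 3600         # hypothetical lifetime


def login_redirect_headers(token, docs_path="/docs"):
    """Headers for the response sent after a successful ORCID login."""
    # Only redirect to a path on this origin; reject scheme-relative targets.
    if not docs_path.startswith("/") or docs_path.startswith("//") or "\\" in docs_path:
        raise ValueError("redirect target must be a same-origin path")
    jar = SimpleCookie()
    jar[COOKIE_NAME] = token
    morsel = jar[COOKIE_NAME]
    morsel["path"] = "/"
    morsel["secure"] = True       # never sent over plain HTTP
    morsel["httponly"] = True     # not readable from page JavaScript
    morsel["samesite"] = "Lax"    # still sent on the top-level redirect back
    morsel["max-age"] = MAX_AGE_SECONDS
    return [("Location", docs_path), ("Set-Cookie", morsel.OutputString())]


def token_from_request(headers) -> Optional[str]:
    """Resolve the caller's token from lower-cased request headers.

    An explicit Authorization header (what the Authorize dialog sends)
    wins; otherwise fall back to the cookie set at login.
    """
    scheme, _, value = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "bearer" and value:
        return value
    jar = SimpleCookie()
    jar.load(headers.get("cookie", ""))
    morsel = jar.get(COOKIE_NAME)
    return morsel.value if morsel is not None else None


if __name__ == "__main__":
    # Constructed sample token, not a real credential.
    for name, value in login_redirect_headers("abc.def.ghi"):
        print(f"{name}: {value}")
    print(token_from_request({"cookie": "user_id_token=abc.def.ghi; theme=dark"}))
```
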
@dwinston Sorry it took me a hot minute to grok what you were asking. I was hung up on the auth piece and how the cookie got there in the first place! |
* feat: login-with-orcid link at top for #423`
* new GH action to lint and reformat
* commit and push reformatting closes #438
* fix
* quicken lint GH action
* test: for #439
* fix: author-ize
* fix: quote
* fix: autosetup remote
* fix: ensure HEAD ref for git push
* try .sha
* fix: arg sent to wrong step
* style: reformat
* inprogress: do not merge
* inprogress: do not merge
* inprogress: do not merge: add todo
* [do not merge] login w/o logout
* remove old orcid endpoints
* remove auth-action tags
* remove commented out orcid_cookie_test
* clean: abandon auth-action hack for now
---------
Co-authored-by: github-actions <github-actions@github.com>
Co-authored-by: Jing Cao <jingcao.me@gmail.com>
addressed imperfectly via #441
It would be useful to be able to click through the authorize button, so that the orcid token automatically gets pulled into the users session, rather than having to manually enter the credentials in the client ID field.