Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

allow BYO auth backend #269

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

trondhindenes
Copy link

@trondhindenes trondhindenes commented Dec 26, 2022

Allows replacing the built-in auth backend with a custom one.

This allowed me to do:

class HackyAuthUser(BaseUser):
    def __init__(self, user_id: str = 'unknown', display_name: str = 'unknown'):
        self._user_id = user_id
        self._display_name = display_name

    @property
    def is_authenticated(self) -> bool:
        return True

    @property
    def display_name(self) -> str:
        return self._display_name

    @property
    def user_id(self) -> str:
        return self._user_id


class HackyAuthBackend(AuthenticationBackend):
    def __init__(self, header_name):
        self.header_name = header_name

    async def authenticate(self, conn):
        if self.header_name not in conn.headers:
            raise AuthenticationError('Invalid credentials')
        user_name = conn.headers[self.header_name]
        return AuthCredentials(scopes=[]), HackyAuthUser(user_name, user_name)


app = FastAPI(
    routes=[
        Mount('/admin/', create_admin(
            tables=APP_CONFIG.table_classes,
            auth_backend=HackyAuthBackend(header_name='Authorization'))
              ),
    ],
)

It would be cool if it was somehow possible to override the default "non-authenticated" behavior, and for example have admin-api redirect the user to another login url instead of the built-in one, but I didn't find a clean way to do that.

@github-actions
Copy link

This PR has been marked as stale because it has been open for 30 days with no activity. Are there any blockers, or should this be closed?

@github-actions github-actions bot added the Stale label Jan 28, 2023
@dantownsend
Copy link
Member

Still relevant - I want to merge this in. Just need to think about what to do with the logout endpoint.

@trondhindenes
Copy link
Author

yup, I'm not sure either. Maybe just allow pointing to a custom logout url? If this was setup using oauth proxy or similar, we'd send the user to the auth0 logout url (which is known) for the auth0 app that is used with oauth proxy. Most auth providers supply a logout url, so having that as an optional parameter would imho make sense.

@github-actions github-actions bot removed the Stale label Jan 31, 2023
@github-actions
Copy link

github-actions bot commented Mar 4, 2023

This PR has been marked as stale because it has been open for 30 days with no activity. Are there any blockers, or should this be closed?

@github-actions github-actions bot added the Stale label Mar 4, 2023
@aleksarias
Copy link

I'm also interested in getting something like this included

@github-actions github-actions bot removed the Stale label Nov 7, 2023
Copy link

github-actions bot commented Dec 7, 2023

This PR has been marked as stale because it has been open for 30 days with no activity. Are there any blockers, or should this be closed?

@github-actions github-actions bot added the Stale label Dec 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants