Skip to content

allow BYO auth backend#269

Open
trondhindenes wants to merge 1 commit intopiccolo-orm:masterfrom
trondhindenes:custom-auth
Open

allow BYO auth backend#269
trondhindenes wants to merge 1 commit intopiccolo-orm:masterfrom
trondhindenes:custom-auth

Conversation

@trondhindenes
Copy link

@trondhindenes trondhindenes commented Dec 26, 2022
edited
Loading

Allows replacing the built-in auth backend with a custom one.

This allowed me to do:

class HackyAuthUser(BaseUser):
    def __init__(self, user_id: str = 'unknown', display_name: str = 'unknown'):
        self._user_id = user_id
        self._display_name = display_name

    @property
    def is_authenticated(self) -> bool:
        return True

    @property
    def display_name(self) -> str:
        return self._display_name

    @property
    def user_id(self) -> str:
        return self._user_id


class HackyAuthBackend(AuthenticationBackend):
    def __init__(self, header_name):
        self.header_name = header_name

    async def authenticate(self, conn):
        if self.header_name not in conn.headers:
            raise AuthenticationError('Invalid credentials')
        user_name = conn.headers[self.header_name]
        return AuthCredentials(scopes=[]), HackyAuthUser(user_name, user_name)


app = FastAPI(
    routes=[
        Mount('/admin/', create_admin(
            tables=APP_CONFIG.table_classes,
            auth_backend=HackyAuthBackend(header_name='Authorization'))
              ),
    ],
)

It would be cool if it was somehow possible to override the default "non-authenticated" behavior, and for example have admin-api redirect the user to another login url instead of the built-in one, but I didn't find a clean way to do that.

@trondhindenes trondhindenes mentioned this pull request Dec 30, 2022
Open
@github-actions
Copy link

github-actions bot commented Jan 28, 2023

This PR has been marked as stale because it has been open for 30 days with no activity. Are there any blockers, or should this be closed?

@github-actions github-actions bot added the Stale label Jan 28, 2023
@dantownsend
Copy link
Member

dantownsend commented Jan 28, 2023

Still relevant - I want to merge this in. Just need to think about what to do with the logout endpoint.

@trondhindenes
Copy link
Author

trondhindenes commented Jan 29, 2023

yup, I'm not sure either. Maybe just allow pointing to a custom logout url? If this was setup using oauth proxy or similar, we'd send the user to the auth0 logout url (which is known) for the auth0 app that is used with oauth proxy. Most auth providers supply a logout url, so having that as an optional parameter would imho make sense.

@github-actions github-actions bot removed the Stale label Jan 31, 2023
@github-actions
Copy link

github-actions bot commented Mar 4, 2023

This PR has been marked as stale because it has been open for 30 days with no activity. Are there any blockers, or should this be closed?

@github-actions github-actions bot added the Stale label Mar 4, 2023
@aleksarias
Copy link

aleksarias commented Nov 6, 2023

I'm also interested in getting something like this included

@github-actions github-actions bot removed the Stale label Nov 7, 2023
@github-actions
Copy link

github-actions bot commented Dec 7, 2023

This PR has been marked as stale because it has been open for 30 days with no activity. Are there any blockers, or should this be closed?

@github-actions github-actions bot added the Stale label Dec 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@trondhindenes @dantownsend @aleksarias