airbyte-api-python-sdk icon indicating copy to clipboard operation
airbyte-api-python-sdk copied to clipboard

Published 20 hours ago verified publisher icon airbytehq

A few questions on OAuth and Airbyte Enterprise

Open dschiavu opened this issue 1 year ago • 2 comments

Hi,

A few questions:

Can this SDK be used against non-Cloud version of Airbyte, i.e. Airbyte OSS and Airbyte Enterprise?

I have noticed there is support for overriding the Airbase API base URL, but I don't see any support for OAuth, as used in the on-premise Airbyte Enterprise version.

Thanks, Dan

dschiavu avatar May 14 '24 10:05 dschiavu

Following up on this one:

I can see now OAuth among the list of supported auth methods here: https://github.com/airbytehq/airbyte-api-python-sdk#per-client-security-schemes

However, I can't find any models.SchemeOAuth2 (as there is models.SchemeBasicAuth for HTTP Basic Auth, for example) to be able to pass the client credentials? Is OAuth actually supported as of now, or not fully yet?

Thanks, Dan

dschiavu avatar May 15 '24 18:05 dschiavu

So, I've stepped thought the SDK code and realised there is no support there yet for the OAuth2 Client Credentials flow.

I did notice that the SDK will accept any Bearer token passed into the client_credentials parameter and append it to all the requests in their Authorization: Bearer <access_token HTTP header, however.

For example:

            self.client = airbyte_api.AirbyteAPI(
                server_url=server_url,
                security=models.Security(client_credentials=access_token)
            )

This is good, as I was able to retrieve the access_token myself using some custom code (a very simple operation), and simply pass it into the client, thus enabling me to use this SDK against my Airbyte Enterprise locally deployed instance, which uses OAuth2 authentication for its API.

This works, however other than the code looking very strange, it would be nice to have full OAuth2 support implemented in the SDK - not just the client_credentials flow, but also flow features such as the token refresh endpoint and similar. To implement this, and akin to the HttpBasicScheme, I'd suggest adding an OAuth2ClientCredentialsScheme data class, with fields such as tokenEndpoint, clientId, clientSecret, tokenRefreshEndpoint and similar, and then doing the OAuth2 Client Credentials flow dance in the SDK itself, including checking for the access token validity and refreshing it periodically, as needed.

So far, the default Airbyte Enterprise access token validity time is 10 hours, which works for me.

dschiavu avatar May 16 '24 18:05 dschiavu