pyzeebe

feat: oauth client credentials

Open felicijus opened this issue 1 year ago • 2 comments

Provides a way to authenticate with OAuth2Session for OAuth2 Client Credentials (and the possibility to adopt other flows) via AuthMetadataPlugin (OAuth2MetadataPlugin) tailored to oauthlib and requests_oauthlib.

Provides the possibility to adapt to a non-RFC 6749 compliant authentication server.

Changes

  • OAuth2MetadataPlugin (class to be able to authenticate with any authorization flow provided by the oauthlib package)
  • OAuth2 Client Credentials (specific Implementation with oauthlib package for Client Credential Flow)
  • New create channel functions for create_camunda_cloud_channel and create_oauth2_client_credentials_channel
  • Use given expires_in attribute in Token to reauthenticate after expiration (overridable, configurable if not given)

API Updates

New Features (required)

private APIs

  1. OAuth2MetadataPlugin
  2. Oauth2ClientCredentialsMetadataPlugin (specialization of OAuth2MetadataPlugin)

public APIs

  1. create_camunda_cloud_channel
  2. create_oauth2_client_credentials_channel

Deprecations (required)

The other way to create_camunda_cloud_channel (channel/camunda_cloud_channel.py) could be deleted.

Enhancements (optional)

More configurable way to handle authentication for the pyzeebe gRPC channel.

Checklist

  • [x] Unit tests
  • [ ] Documentation

References

  • https://datatracker.ietf.org/doc/html/rfc6749
  • https://oauthlib.readthedocs.io/en/latest/oauth2/clients/client.html
  • https://requests-oauthlib.readthedocs.io/en/latest/oauth2_workflow.html

felicijus, Aug 14 '24 08:08
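An added illustration of the expires_in handling listed in the pull request description above; it is not code from the pull request or from pyzeebe. The class name, its parameters and the token values are assumptions made for this example, and the class only mirrors the call shape of grpc.AuthMetadataPlugin (context, callback) without importing grpc, so it runs offline.

```python
import itertools
import threading
import time
from typing import Callable, Optional


class ExpiringTokenPlugin:
    """Hypothetical plugin with the grpc.AuthMetadataPlugin call shape."""
    def __init__(self, fetch_token: Callable[[], dict], default_expires_in: int = 300,
                 leeway: int = 30, clock: Callable[[], float] = time.monotonic):
        self._fetch = fetch_token            # returns the token endpoint's JSON body
        self._default = default_expires_in   # used when expires_in is absent or unusable
        self._leeway = leeway                # refresh this many seconds before expiry
        self._clock = clock
        self._lock = threading.Lock()        # the plugin may be called from several threads
        self._token: Optional[str] = None
        self._deadline = 0.0

    def _current_token(self) -> str:
        with self._lock:
            if self._token is None or self._clock() >= self._deadline:
                body = self._fetch()
                token = body.get("access_token")
                if not token:
                    raise ValueError("token response has no access_token")
                try:  # some servers send expires_in as a string, or not at all
                    lifetime = int(body.get("expires_in", self._default))
                except (TypeError, ValueError):
                    lifetime = self._default
                self._token = token
                self._deadline = self._clock() + max(lifetime - self._leeway, 0)
            return self._token

    def __call__(self, context, callback) -> None:
        try:
            header = (("authorization", f"Bearer {self._current_token()}"),)
        except Exception as exc:
            callback((), exc)  # fail the RPC instead of sending an expired token
            return
        callback(header, None)

def demo() -> list:
    """Constructed run: fake clock, fake server that omits expires_in."""
    now, sent, serial = [0.0], [], itertools.count(1)
    plugin = ExpiringTokenPlugin(lambda: {"access_token": f"tok{next(serial)}"},
                                 default_expires_in=60, leeway=10, clock=lambda: now[0])
    for t in (0, 49, 50, 99, 100):
        now[0] = t
        plugin(None, lambda metadata, error: sent.append(metadata[0][1]))
    return sent
```

With a 60 second default lifetime and 10 seconds of leeway, the constructed run reuses the first token until second 50 and then fetches a new one every 50 seconds.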

CLA assistant check
All committers have signed the CLA.

CLAassistant, Aug 14 '24 08:08

Hi. Do you want to replace #412?

dimastbk, Aug 19 '24 04:08

I think the changes are now all implemented as you wished, @dimastbk. I needed to change the commit author, hence the force pushes.

felicijus, Aug 21 '24 07:08

How should we handle the mypy errors, @dimastbk?

I would suggest doing it with an inline ignore statement: # type: ignore.

pyzeebe/credentials/oauth.py:10: error: Skipping analyzing "grpc._auth": module is installed, but missing library stubs or py.typed marker  [import-untyped]
pyzeebe/credentials/oauth.py:17: error: Class cannot subclass "AuthMetadataPlugin" (has type "Any")  [misc]
pyzeebe/channel/oauth_channel.py:5: error: Skipping analyzing "grpc.aio._typing": module is installed, but missing library stubs or py.typed marker  [import-untyped]
pyzeebe/channel/oauth_channel.py:5: note: See https://mypy.readthedocs.io/en/stable/running_mypy.html#missing-imports
Found 3 errors in 2 files (checked 52 source files)
Error: Process completed with exit code 1.

felicijus, Aug 22 '24 23:08

Pull Request Test Coverage Report for Build 11191422489

Details

  • 90 of 90 (100.0%) changed or added relevant lines in 5 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.3%) to 96.883%

Totals Coverage Status
Change from base Build 11130949290: 0.3%
Covered Lines: 1088
Relevant Lines: 1123

💛 - Coveralls

coveralls, Sep 30 '24 07:09

Got some time now. I will create a pull request regarding the grpcAddress (Java Zeebe) or target. So naming could be:

  1. grpc_address (favourite)
  2. target

And then finish up this pull request.

Coverage should be fine, I think ✅

felicijus, Sep 30 '24 07:09

Thanks

dimastbk, Oct 05 '24 15:10