hail icon indicating copy to clipboard operation
hail copied to clipboard

Published 20 hours ago verified publisher icon hail-is

Deprecate and remove hail API tokens in favor of OAuth access tokens

Open daniel-goldstein opened this issue 10 months ago • 6 comments

What happened?

#13131 Adds the ability for users to authenticate with the hail service using access tokens from their hail identity provider (GCP IAM or Azure AAD) instead of using tokens minted by the hail auth service. It does not, however, remove the old form of authentication. There are two actions that must be taken to fully remove the old authentication method:

  1. In #13131, the hail python client attempts to use the new identity.json cloud credentials for authentication, but falls back to the old tokens.json credentials if present.
  2. The auth server still supports the old /api/v1alpha/login endpoint. This is unused in the new authentication flow and should ultimately be removed.

Removing these old code paths can be done in a two-step process, first with deprecation/warnings (the user need only run hailctl auth login to start using the new code paths) and then with removal of the old code paths. This issue is considered complete when the new code paths are removed.

Version

0.2.120

Relevant log output

No response

daniel-goldstein avatar Aug 31 '23 17:08 daniel-goldstein