
[WIP] Add AuthenticationProvider implementing OAuth2 code flow

Open ghys opened this issue 4 years ago • 4 comments

This is an early implementation of the VS Code Authentication Provider API which is able to open regular sessions in the openHAB instance by authorizing itself with the OAuth2 flow, similarly to the main UI.

When an API request fails, a "Sign in" button is offered to perform the initial authorization flow (opening a browser to allow the user to sign in and open a session), the refresh token is then stored in the secrets storage (new secrets API), and reused to get additional access tokens to access the API on behalf of the user.

It doesn't yet support:

  • PKCE challenges
  • Normal access token management, for instance refreshing it automatically before it expires (after 1 hour)
  • Signing out (!)

Signed-off-by: Yannick Schaus [email protected]

ghys avatar Apr 02 '21 13:04 ghys

Example: image

Native dialog from VS Code:

image

image

The sign in page is opened in a browser tab:

image

When clicking sign in the browser may ask if VS Code should open the link:

image

The extension catches the callback, gets the authorization code from it, and exchanges it for a refresh token and access token:

image

The protected API calls now work, no manual token creation necessary:

image

The client ID & refresh token are stored as secrets and they can be retrieved later, so no need to repeat this procedure afterwards.

The VS Code sessions appear in the user's profile page in main UI and can be revoked from there:

image

ghys avatar Apr 02 '21 14:04 ghys
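The callback handling described above, combined with the PKCE challenge that the first post lists as not yet supported, as an added example (not code from this pull request or from openHAB). It follows RFC 7636 (S256) and standard OAuth2 parameter names; `CLIENT_ID`, `REDIRECT_URI`, the authorize URL passed in and all function names are constructed placeholders.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "crypto";

// Constructed placeholders, not values from the pull request or openHAB.
const CLIENT_ID = "constructed-client-id";
const REDIRECT_URI = "vscode://example.publisher/callback";

interface PendingLogin { state: string; verifier: string; }

// base64url without padding, as RFC 7636 requires.
const b64url = (b: Buffer): string =>
  b.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// S256: challenge = BASE64URL(SHA256(ASCII(verifier)))
function pkceChallenge(verifier: string): string {
  return b64url(createHash("sha256").update(verifier, "ascii").digest());
}

// Start a login attempt: fresh state and verifier each time. Only the
// challenge (a hash) leaves the extension; the verifier stays local.
function beginLogin(authorizeUrl: string): { url: string; pending: PendingLogin } {
  const pending = { state: b64url(randomBytes(16)), verifier: b64url(randomBytes(32)) };
  const url = new URL(authorizeUrl);
  url.search = new URLSearchParams({
    response_type: "code", client_id: CLIENT_ID, redirect_uri: REDIRECT_URI,
    state: pending.state,
    code_challenge: pkceChallenge(pending.verifier),
    code_challenge_method: "S256",
  }).toString();
  return { url: url.toString(), pending };
}

// Handle the vscode:// callback: reject any callback whose state does not
// match the pending attempt, then build the token request body.
function handleCallback(callbackUri: string, pending: PendingLogin): URLSearchParams {
  const q = new URL(callbackUri).searchParams;
  const got = Buffer.from(q.get("state") ?? "");
  const want = Buffer.from(pending.state);
  if (got.length !== want.length || !timingSafeEqual(got, want)) {
    throw new Error("state mismatch: callback is not for this login attempt");
  }
  const code = q.get("code");
  if (!code) throw new Error(`authorization failed: ${q.get("error") ?? "no code"}`);
  return new URLSearchParams({
    grant_type: "authorization_code", code, client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI, code_verifier: pending.verifier,
  });
}
```

Keep `pending` in memory only and discard it after one callback, so a replayed or injected `vscode://` link cannot complete a login.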

Ah nice.

This was on my todo list after the 1.0.0 release too. 🙂

Confectrician avatar Apr 03 '21 06:04 Confectrician

> The sign in page is opened in a browser tab

Maybe we could tweak this to be opened in a VS Code WebView too. It already worked pretty well for the docs in a test I made.

https://community.openhab.org/t/docs-in-vscode-anyone-interested/119774?u=confectrician

Confectrician avatar Apr 03 '21 07:04 Confectrician

Why not, provided the webviews can catch vscode:// URLs too and send them back to VS Code for the UrlHandler to catch.

FYI, this code has a lot of code borrowed from the built-in GitHub login. Maybe it would make sense to have an approach as similar as possible to the built-in authenticators.

ghys avatar Apr 03 '21 09:04 ghys