
feat: Improvements to OAuth2-related user interface

Open pietrygamat opened this issue 1 year ago • 5 comments

Description

Redesign of OAuth2 UI. Shows tokens and other information obtained from Authorization Server in separate (rudimentary) part of UI, decoupling them from information coming from actual user request. With this change it is now possible to inherit OAuth2 configuration from collection level.

This PR is a continuation of work started in #2061 where caching of access token was first implemented (currently pending review).

Request level view:

  • Clicking Get Access Token (or simply running the request) results in bruno executing correct flow.
  • User may be prompted to provide password, depending on the grant type.
  • After the request completes, the oauth2 credentials are stored and displayed in collapsible section at the bottom of the screen.
  • Any subsequent requests within the same collection will reuse them.
  • Clearing cache resets everything back.


Collection level

  • The same controls are added to collection level Auth configuration.
  • Clicking Get Access Token on collection level results in executing authorization request and updating credentials.
  • Inherit mode is now supported also when collection uses OAuth2.

Contribution Checklist:

  • [ ] The pull request only addresses one issue or adds one feature.
  • [ ] The pull request does not introduce any breaking changes
  • [x] I have added screenshots or gifs to help explain the change if applicable.
  • [x] I have read the contribution guidelines.
  • [x] Create an issue and link to the pull request.

resolves #1999 resolves #2074 resolves #1704 resolves #2494

pietrygamat avatar Apr 14 '24 22:04 pietrygamat

Looks great, I'm not sure but it looks like one of your other PRs (implicit grant) snuck in here

lizziemac avatar May 05 '24 18:05 lizziemac

> Looks great, I'm not sure but it looks like one of your other PRs (implicit grant) snuck in here

It's kind of on purpose - they build up on top of each other - the implicit grant actually requires dropping the current approach of transforming user request into token request and automatically setting Bearer token instead. I hope to get some definitive feedback from @helloanoop @sanjai0py or other maintainers on whether the feature is unwelcome, and if so, adjust the PRs accordingly, but having two (or actually three if counting #2164) conflicting PRs is something I want to avoid.

pietrygamat avatar May 05 '24 18:05 pietrygamat

> Dear @helloanoop, When this PR will get merged as , this change is going to be fixing many issues of OAuth and Inheritance of OAuth

OAuth interface improvements is a priority for us in Sep 2024. I will share more updates on this soon.

helloanoop avatar Sep 03 '24 14:09 helloanoop

Waiting on this and the other OAuth changes to introduce Bruno as a solution for my team, would love to see this soon 🙏🏻

lizziemac avatar Oct 03 '24 01:10 lizziemac

Hoping that this redesign will be available soon. It's important to our team to adopt Bruno.

diogenesc avatar Oct 04 '24 15:10 diogenesc

Any update on this?

fantpmas avatar Oct 24 '24 09:10 fantpmas

For anyone looking for a workaround in the meantime, I'll post mine. Until they make it work the way it's supposed to do, this does it just fine.

  • Collection Settings > Auth. Setup the OAuth 2.0 Client Credentials config there.
  • Scripts tab, add to the Pre Request field:

        // Reuse the token saved by an earlier response, if there is one.
        var token = bru.getVar('oauth2_token');
        if (token) {
          req.setHeader('Authorization', `Bearer ${token}`);
        }

  • Add to the Post Request field:

        // Save the access token when the response body carries one.
        var token = res.body.access_token;
        if (token) {
          bru.setVar('oauth2_token', token);
        }

Set all the requests to use "No Auth".

Essentially what this does is that for each request in the collection, there will be a pre-request fired to get the bearer token via OAuth2 as configured in the collection settings, and save this to the "oauth2_token" Bruno variable. Then, for any request in the collection, there will be a pre request action to get the token in that "oauth2_token" variable and inject it into the "Authorization Bearer" header.

kevin-courbet avatar Nov 19 '24 18:11 kevin-courbet
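
An added example (not from the thread and not Bruno's own code): the caching behaviour discussed above, reuse within one collection and clear to reset, with the token response's `expires_in` honoured so that an expired token is never sent. `TokenCache`, the collection ids and the sample token response are hypothetical and constructed for illustration.

```javascript
// Per-collection OAuth2 access-token cache (hypothetical helper, not a Bruno API).
class TokenCache {
  constructor(now = () => Date.now(), skewSeconds = 30) {
    this.now = now;                    // injectable clock, in milliseconds
    this.skewMs = skewSeconds * 1000;  // refresh slightly before real expiry
    this.entries = new Map();          // collectionId -> { accessToken, expiresAt }
  }

  // Accepts a token response (RFC 6749 section 5.1); anything else is ignored.
  store(collectionId, tokenResponse) {
    if (!tokenResponse || typeof tokenResponse.access_token !== 'string') {
      return false; // ordinary API reply, nothing to cache
    }
    const lifetime = Number(tokenResponse.expires_in);
    const known = Number.isFinite(lifetime) && lifetime > 0;
    this.entries.set(collectionId, {
      accessToken: tokenResponse.access_token,
      // expires_in is optional; without it the entry lives until clear().
      expiresAt: known ? this.now() + lifetime * 1000 : null,
    });
    return true;
  }

  // Returns the Authorization header value, or null when a new token is needed.
  authorizationHeader(collectionId) {
    const entry = this.entries.get(collectionId);
    if (!entry) return null;
    if (entry.expiresAt !== null && this.now() >= entry.expiresAt - this.skewMs) {
      this.entries.delete(collectionId); // drop stale credentials
      return null;
    }
    return `Bearer ${entry.accessToken}`;
  }

  // "Clear cache": forget the credentials of one collection.
  clear(collectionId) {
    return this.entries.delete(collectionId);
  }
}

// Constructed run with a fake clock.
function demo() {
  let clock = 0;
  const cache = new TokenCache(() => clock);
  const sample = { access_token: 'constructed-token-1', token_type: 'Bearer', expires_in: 300 };
  cache.store('collection-a', sample);
  const fresh = cache.authorizationHeader('collection-a');
  const otherCollection = cache.authorizationHeader('collection-b');
  clock = 271 * 1000; // inside the 30 s margin before the 300 s expiry
  const nearExpiry = cache.authorizationHeader('collection-a');
  const ignored = cache.store('collection-a', { items: [] });
  return { fresh, otherCollection, nearExpiry, ignored };
}
```
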

These improvements are now available in the experimental build here - https://github.com/usebruno/bruno-experimental-builds/releases/tag/oauth2-revamp-v1.39.0-2025.2.5 Documentation - https://docs.usebruno.com/auth/oauth2-experimental/overview

Goal is to have this released before the end of this month (Feb 2025)

helloanoop avatar Feb 06 '25 17:02 helloanoop

Just tested.

I was able to create an OAuth 2 Client Credentials Auth at the Collection Level, and then inherit the auth via requests under the collections and it worked.

I can now clean up 10 other collections that all have a "Get Token" request that I have to click first to test things.

Thank you!

VictorioBerra avatar Feb 07 '25 15:02 VictorioBerra