Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Authlib and pass verify flag downstream #46

Merged
merged 8 commits into from
Nov 1, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,14 +23,14 @@ You can see an example usage below:

```python
from seldon_deploy_sdk import EnvironmentApi, Configuration, ApiClient
from seldon_deploy_sdk.auth import OIDCAuthenticator
from seldon_deploy_sdk.auth import AuthMethod, OIDCAuthenticator

config = Configuration()
config.host = "http://X.X.X.X/seldon-deploy/api/v1alpha1"
config.oidc_client_id = "sd-api"
config.oidc_client_secret = "sd-api-secret"
config.oidc_server = "http://X.X.X.X/auth/realms/deploy-realm"
config.auth_method = "auth_code"
config.auth_method = AuthMethod.AUTH_CODE

auth = OIDCAuthenticator(config)
config.id_token = auth.authenticate()
Expand Down
2 changes: 1 addition & 1 deletion python/licenses/license.txt
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
Authlib
0.15.5
1.0.1
BSD License
BSD 3-Clause License

Expand Down
2 changes: 1 addition & 1 deletion python/licenses/license_info.csv
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
"Name","Version","License"
"Authlib","0.15.5","BSD License"
"Authlib","1.0.1","BSD License"
"certifi","2022.9.24","Mozilla Public License 2.0 (MPL 2.0)"
"cffi","1.15.1","MIT License"
"cryptography","38.0.1","Apache Software License; BSD License"
Expand Down
3 changes: 2 additions & 1 deletion python/seldon_deploy_sdk/auth/__init__.py
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
from .base import AuthMethod
from .session import SessionAuthenticator
from .openid import OIDCAuthenticator

__all__ = ["SessionAuthenticator", "OIDCAuthenticator"]
__all__ = ["AuthMethod", "SessionAuthenticator", "OIDCAuthenticator"]
25 changes: 14 additions & 11 deletions python/seldon_deploy_sdk/auth/openid.py
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
import logging
import os
import urllib3
import webbrowser

from typing import Dict
from urllib.parse import urlencode
from authlib.integrations.base_client import FrameworkIntegration, RemoteApp
from authlib.integrations.base_client import FrameworkIntegration, OAuth2Mixin
from authlib.integrations.requests_client import OAuth2Session

from ..configuration import Configuration
Expand All @@ -21,10 +22,6 @@
ACCESS_TOKEN_FIELD = "access_token"


class OIDCIntegration(FrameworkIntegration):
oauth2_client_cls = OAuth2Session


def _get_token(token: Dict[str, str]) -> str:
if ID_TOKEN_FIELD not in token:
logger.info(
Expand All @@ -43,7 +40,6 @@ def __init__(self, config: Configuration):
super().__init__(config)

if not config.verify_ssl:
os.environ["CURL_CA_BUNDLE"] = ""
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

if config.oidc_server is None:
Expand All @@ -64,13 +60,15 @@ def __init__(self, config: Configuration):

server_metadata_url = f"{config.oidc_server}/.well-known/openid-configuration"

self._app = RemoteApp(
framework=OIDCIntegration,
self._app = OAuth2Mixin(
framework=FrameworkIntegration,
client_kwargs={"verify": config.verify_ssl},
client_id=config.oidc_client_id,
client_secret=config.oidc_client_secret,
server_metadata_url=server_metadata_url,
access_token_params=access_token_params,
)
self._app.client_cls = OAuth2Session
self._app.load_server_metadata()

@_soft_deprecate # type: ignore
Expand Down Expand Up @@ -109,10 +107,15 @@ def _use_authorization_code(self):
state=self._AuthCodeState,
scope=self._config.scope,
)["url"]

webbrowser.open_new_tab(request_url)
adriangonz marked this conversation as resolved.
Show resolved Hide resolved
print(
"Please copy the following URL into a browser to log in.",
"You will be redirected and shown a code to copy and paste here.",
f"\n\n\t'{request_url}'\n\n",
"The following URL should have opened now on a new tab, where you "
"will be able to log in.\n"
"If it hasn't, please copy the following URL into a browser.\n"
"Once you have logged in, you will be redirected and will be shown a code "
"to copy and paste below."
f"\n\n\t{request_url}\n\n"
)
response_code = self._get_response_code()
response_code_query = urlencode({"code": response_code})
Expand Down
4 changes: 2 additions & 2 deletions python/setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,9 @@
"python-dateutil>=2.1",
"six>=1.10",
"urllib3>=1.23",
"Authlib<=0.16.0",
adriangonz marked this conversation as resolved.
Show resolved Hide resolved
"Authlib>=1.0.0,<1.1.0",
]


setup(
name=NAME,
Expand Down
3 changes: 2 additions & 1 deletion templates/python/auth/__init__.py
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
from .base import AuthMethod
from .session import SessionAuthenticator
from .openid import OIDCAuthenticator

__all__ = ["SessionAuthenticator", "OIDCAuthenticator"]
__all__ = ["AuthMethod", "SessionAuthenticator", "OIDCAuthenticator"]
25 changes: 14 additions & 11 deletions templates/python/auth/openid.py
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
import logging
import os
import urllib3
import webbrowser

from typing import Dict
from urllib.parse import urlencode
from authlib.integrations.base_client import FrameworkIntegration, RemoteApp
from authlib.integrations.base_client import FrameworkIntegration, OAuth2Mixin
from authlib.integrations.requests_client import OAuth2Session

from ..configuration import Configuration
Expand All @@ -21,10 +22,6 @@
ACCESS_TOKEN_FIELD = "access_token"


class OIDCIntegration(FrameworkIntegration):
oauth2_client_cls = OAuth2Session


def _get_token(token: Dict[str, str]) -> str:
if ID_TOKEN_FIELD not in token:
logger.info(
Expand All @@ -43,7 +40,6 @@ def __init__(self, config: Configuration):
super().__init__(config)

if not config.verify_ssl:
os.environ["CURL_CA_BUNDLE"] = ""
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

if config.oidc_server is None:
Expand All @@ -64,13 +60,15 @@ def __init__(self, config: Configuration):

server_metadata_url = f"{config.oidc_server}/.well-known/openid-configuration"

self._app = RemoteApp(
framework=OIDCIntegration,
self._app = OAuth2Mixin(
framework=FrameworkIntegration,
client_kwargs={"verify": config.verify_ssl},
client_id=config.oidc_client_id,
client_secret=config.oidc_client_secret,
server_metadata_url=server_metadata_url,
access_token_params=access_token_params,
)
self._app.client_cls = OAuth2Session
self._app.load_server_metadata()

@_soft_deprecate # type: ignore
Expand Down Expand Up @@ -109,10 +107,15 @@ def _use_authorization_code(self):
state=self._AuthCodeState,
scope=self._config.scope,
)["url"]

webbrowser.open_new_tab(request_url)
print(
"Please copy the following URL into a browser to log in.",
"You will be redirected and shown a code to copy and paste here.",
f"\n\n\t'{request_url}'\n\n",
"The following URL should have opened now on a new tab, where you "
"will be able to log in.\n"
"If it hasn't, please copy the following URL into a browser.\n"
"Once you have logged in, you will be redirected and will be shown a code "
"to copy and paste below."
f"\n\n\t{request_url}\n\n"
)
response_code = self._get_response_code()
response_code_query = urlencode({"code": response_code})
Expand Down
4 changes: 2 additions & 2 deletions templates/python/setup.mustache
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,9 @@ REQUIRES = [
"python-dateutil>=2.1",
"six>=1.10",
"urllib3>=1.23",
"Authlib<=0.16.0",
"Authlib>=1.0.0,<1.1.0",
]

{{#asyncio}}
REQUIRES.append("aiohttp")
{{/asyncio}}
Expand Down