piccolo_admin

allow BYO auth backend

Open trondhindenes opened this issue 3 years ago • 6 comments

Allows replacing the built-in auth backend with a custom one.

This allowed me to do:

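from fastapi import FastAPI
from piccolo_admin.endpoints import create_admin
from starlette.authentication import (
    AuthCredentials,
    AuthenticationBackend,
    AuthenticationError,
    BaseUser,
)
from starlette.routing import Mount


class HackyAuthUser(BaseUser):
    def __init__(self, user_id: str = 'unknown', display_name: str = 'unknown'):
        self._user_id = user_id
        self._display_name = display_name

    @property
    def is_authenticated(self) -> bool:
        return True

    @property
    def display_name(self) -> str:
        return self._display_name

    @property
    def user_id(self) -> str:
        return self._user_id


class HackyAuthBackend(AuthenticationBackend):
    def __init__(self, header_name):
        self.header_name = header_name

    async def authenticate(self, conn):
        # Only the presence of the header is checked; its value is used
        # as the user name without any verification.
        if self.header_name not in conn.headers:
            raise AuthenticationError('Invalid credentials')
        user_name = conn.headers[self.header_name]
        return AuthCredentials(scopes=[]), HackyAuthUser(user_name, user_name)


# APP_CONFIG is the poster's own application config (not shown here).
# auth_backend is the create_admin parameter this PR adds.
app = FastAPI(
    routes=[
        Mount(
            '/admin/',
            create_admin(
                tables=APP_CONFIG.table_classes,
                auth_backend=HackyAuthBackend(header_name='Authorization'),
            ),
        ),
    ],
)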

It would be cool if it was somehow possible to override the default "non-authenticated" behavior, and for example have admin-api redirect the user to another login URL instead of the built-in one, but I didn't find a clean way to do that.

trondhindenes, Dec 26 '22 11:12

This PR has been marked as stale because it has been open for 30 days with no activity. Are there any blockers, or should this be closed?

github-actions[bot], Jan 28 '23 02:01

Still relevant - I want to merge this in. Just need to think about what to do with the logout endpoint.

dantownsend, Jan 28 '23 07:01

Yup, I'm not sure either. Maybe just allow pointing to a custom logout URL? If this was set up using OAuth proxy or similar, we'd send the user to the Auth0 logout URL (which is known) for the Auth0 app that is used with OAuth proxy. Most auth providers supply a logout URL, so having that as an optional parameter would imho make sense.

trondhindenes, Jan 29 '23 18:01
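
Added example (not part of the PR or of piccolo_admin): when a header-based backend like the one in the opening post sits behind an OAuth proxy, the application still has to decide whether the identity header really came from that proxy. This sketch assumes a hypothetical scheme in which the proxy sends `X-Auth-User` plus `X-Auth-Signature` (hex HMAC-SHA256 of the user name under a shared secret); the header names, the secret and the network list are assumptions.

```python
import hashlib
import hmac
import ipaddress
from typing import Iterable, Mapping, Optional

# Hypothetical header names, chosen for this example only.
USER_HEADER = "x-auth-user"
SIG_HEADER = "x-auth-signature"


def sign_user(secret: bytes, user: str) -> str:
    """Signature the proxy is assumed to attach to the identity it asserts."""
    return hmac.new(secret, user.encode("utf-8"), hashlib.sha256).hexdigest()


def identity_from_proxy(
    headers: Mapping[str, str],
    peer_ip: str,
    trusted_networks: Iterable[str],
    secret: bytes,
) -> Optional[str]:
    """Return the asserted user name, or None if the request must be rejected."""
    try:
        peer = ipaddress.ip_address(peer_ip)
    except ValueError:
        return None
    # 1. The TCP peer must be the proxy, otherwise anyone can set the header.
    if not any(peer in ipaddress.ip_network(net) for net in trusted_networks):
        return None
    lowered = {k.lower(): v for k, v in headers.items()}
    user = lowered.get(USER_HEADER, "")
    sig = lowered.get(SIG_HEADER, "")
    if not user or not sig:
        return None
    # 2. The signature must match; compare as bytes, in constant time.
    expected = sign_user(secret, user).encode("ascii")
    if not hmac.compare_digest(expected, sig.encode("utf-8", "replace")):
        return None
    return user

# Inside an AuthenticationBackend.authenticate(conn) this would be called with
# conn.headers and conn.client.host, raising AuthenticationError on None.
```

A static per-user signature can be replayed by anyone who observes it, so the network check in step 1 is what limits where it can be presented.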

This PR has been marked as stale because it has been open for 30 days with no activity. Are there any blockers, or should this be closed?

github-actions[bot], Mar 04 '23 02:03

I'm also interested in getting something like this included

aleksarias, Nov 06 '23 14:11

This PR has been marked as stale because it has been open for 30 days with no activity. Are there any blockers, or should this be closed?

github-actions[bot], Dec 07 '23 02:12