Create Authentication route and update authorization logic flow #15

Open
viniciusdc opened this issue Jul 27, 2023 · 2 comments
Assignees
Labels
enhancement New feature or request

Comments

@viniciusdc
Contributor

The recent #12 implemented the Spaces domain and the first routes on CLI and SDK. It also contains the first steps on authenticated requests to the API server using the API token. While that does correspond to the expected behavior on the backend, the user layers are currently unfinished, as there is a need for an authentication route responsible for authenticating the user and generating the necessary API token (as an access token).

@Dr0p42
Contributor

Dr0p42 commented Oct 6, 2023

Title: Update Authentication Logic for CLI and SDK

Description:

The goal of this issue is to improve the user experience by updating the authentication logic for CLI and SDK use, with a focus on CLI use.

Requirements:

  1. On every execution of the CLI, the application should check for the presence of credentials on the user's machine.
  2. Credentials should be stored in a ~/.naas directory in the user's home directory.
  3. Within the .naas directory, there should be a credential file containing a long-lived access token.
  4. If the credential file is not present or it is empty, the application should:
    • Start a new thread
    • Initiate a built-in Python HTTP server on this thread
    • This server should listen on a specific port and respond to POST and OPTION queries.
  5. Upon starting the thread, the application should open the user's default browser and direct it to https://naas.ai?cli_token=generate_token.
  6. Upon successful login, the application should post the access token to localhost on the custom port.
  7. The server should respond to OPTION queries with the appropriate 'Access-Control-Allow-Origin' headers to prevent CORS issues.
  8. Upon receiving the POST query, the body should contain a dictionary with an access_token key with the value being the actual access token from the naas.ai website.
  9. This short-lived token should then be traded on auth.naas.ai/bearer/workspace/longlived for a long-lived token.
  10. The long-lived token should then be stored in the .naas/credentials file in the user's home directory.
  11. In the main thread of the CLI, the application should watch for the creation and population of the credentials file.
  12. Once the credentials file is populated, the application should attempt to use the token against auth.naas.ai/users/me.
  13. Upon receiving a successful response (HTTP 200), the application should notify the user that the CLI is properly configured and that they are authenticated.

The overall aim is to streamline the authentication process, providing a better user experience when using the CLI and other tools.

@Dr0p42 Dr0p42 added the enhancement New feature or request label Oct 10, 2023
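
The loopback callback listener and credential write described in the requirements above, as an added example that is not code from this issue or from the project. It binds to 127.0.0.1 only, names a single origin in the CORS headers rather than `*`, rejects POSTs from any other origin, and writes the credentials file with owner-only permissions. The names `save_credentials`, `make_handler`, `start_callback_server`, `ALLOWED_ORIGIN` and `MAX_BODY` are hypothetical, `https://naas.ai` as the posting origin is an assumption, and the trade for a long-lived token is left to the `on_token` callback.

```python
import json
import os
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from pathlib import Path

ALLOWED_ORIGIN = "https://naas.ai"  # assumption: origin of the page that posts the token
MAX_BODY = 8192                     # assumption: upper bound on the JSON body size

def save_credentials(token, directory):
    directory.mkdir(mode=0o700, exist_ok=True)
    path = directory / "credentials"
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(token)
    os.chmod(path, 0o600)  # also tightens a credentials file that already existed
    return path

def make_handler(on_token):
    class CallbackHandler(BaseHTTPRequestHandler):
        def _reply(self, status):
            self.send_response(status)
            # Name the one expected origin; "*" would let any open web page talk to this port.
            self.send_header("Access-Control-Allow-Origin", ALLOWED_ORIGIN)
            self.send_header("Access-Control-Allow-Methods", "POST, OPTIONS")
            self.send_header("Access-Control-Allow-Headers", "Content-Type")
            self.send_header("Content-Length", "0")
            self.end_headers()
        def do_OPTIONS(self):  # CORS preflight sent by the browser before the POST
            self._reply(204)
        def do_POST(self):
            try:
                size = max(0, min(int(self.headers.get("Content-Length") or 0), MAX_BODY))
                raw = self.rfile.read(size)  # drain the body before replying
                if self.headers.get("Origin") != ALLOWED_ORIGIN:
                    return self._reply(403)  # request did not come from the login page
                token = json.loads(raw)["access_token"]
            except (ValueError, KeyError, TypeError):
                return self._reply(400)
            if not isinstance(token, str) or not token:
                return self._reply(400)
            on_token(token)  # caller trades the token and stores the result
            self._reply(200)
    return CallbackHandler

def start_callback_server(on_token, port=0):
    server = HTTPServer(("127.0.0.1", port), make_handler(on_token))  # loopback only
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server
```

Passing `port=0` lets the OS pick a free port, readable from `server.server_address[1]`; call `server.shutdown()` once the credentials file has been written.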
@Dr0p42
Contributor

Dr0p42 commented Oct 30, 2023

#28

Projects
Status: 👀 In review