Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OAuth flow: Instance-wide params should only be injected if a connector will be using oauth #5989

Closed
sherifnada opened this issue Sep 11, 2021 · 3 comments
Closed

OAuth flow: Instance-wide params should only be injected if a connector will be using oauth #5989

sherifnada opened this issue Sep 11, 2021 · 3 comments
Labels
area/connectors Connector related issues area/oauth blocked type/bug Something isn't working
Milestone
ConnCore, Nov 17 ...

Comments

@sherifnada
Copy link
Contributor

Current Behavior

If instancewide oauth params are set, they are always injected when the source connector is created via the web_backend/sources/create endpoint.

However, there are instances where this is undesirable behavior.

For example, you can authenticate into various google APIs using a few methods e.g: Bigquery via service account key or oauth2. in this case the spec of the connector might be:

{
  "properties": {
    "credentials": {
      "oneOf": [
        {
          "type": "object",
          "required": ["auth_type", "client_id", "client_secret"],
          "auth_type": {
            "type": "string",
            "const": "oauth2"
          },
          "client_id":{
            "type": "string"
          },
          "client_secret": {
            "type": "string"
          }
        },
        {
          "type": "object",
          "required": ["auth_type", "service_account_key"],
          "auth_type": {
            "type": "string",
            "const": "service_account_key"
          },
          "service_account_key":{
            "type": "string"
          }
        }
      ]
    }
  }
}

then the config must have either

{
  "credentials": {
    "auth_type": "oauth2",
    "client_id": "abc",
    "client_secret": "xyz"
  }
}

or

{
  "credentials": {
    "auth_type": "service_account_key",
    "json": {
      ...
    }
  }
}

but in the current behavior if the user wants to use service account credentials, then validation for the connector will fail because we would have a config that looks like:

{
  "credentials": {
    "auth_type": "service_account_key",
    "json": {
      ...
    },
    "client_id": "abc",
    "client_secret": "xyz"
  }
}

This is not world ending but definitely error prone.

Expected Behavior

instancewide variables should only be injected if needed/if a config is using oauth
@sherifnada sherifnada added type/bug Something isn't working area/connectors Connector related issues area/oauth labels Sep 11, 2021
@sherifnada sherifnada mentioned this issue Sep 11, 2021
Merged
@ChristopheDuong
Copy link
Contributor

In the case of a Facebook connector, it seems:

  • you'd have instance wide parameters client_id and client_secret (which are used in the oauth flow to retrieve an access_token)
  • but these are not required by the connector to use the access_token afterward. So it is unnecessary to inject them into the connector's configurations.

The specs.json of such connectors following up on #6456 should declare

  • no oauthFlowInitParameters to inject
  • an oauthFlowOutputParameters of access_token after completing the oauth flow

@ChristopheDuong ChristopheDuong mentioned this issue Sep 27, 2021
Merged
15 tasks
@ChristopheDuong ChristopheDuong mentioned this issue Oct 4, 2021
Merged
38 tasks
This was referenced Oct 13, 2021
Merged
Merged
@sherifnada sherifnada added this to the Connector Core 2021-10-20 milestone Oct 14, 2021
@avida avida mentioned this issue Oct 19, 2021
Closed
38 tasks
@sherifnada
Copy link
Contributor Author

blocked on ratification of spec

@ChristopheDuong ChristopheDuong changed the title oauth params should only be injected if a connector will be using oauth OAuth flow: Instance-wide params should only be injected if a connector will be using oauth Nov 4, 2021
@avida avida removed their assignment Nov 12, 2021
This was referenced Nov 12, 2021
Merged
Merged
@sherifnada
Copy link
Contributor Author

@ChristopheDuong can this be closed?

@bleonard bleonard added Epic and removed Epic labels Apr 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/connectors Connector related issues area/oauth blocked type/bug Something isn't working
Projects
None yet
Milestone
ConnCore, Nov 17 2021
Development

Successfully merging a pull request may close this issue.

oAuth worlkflow: Inject parameters according to source spec. airbytehq/airbyte
4 participants
@bleonard @avida @sherifnada @ChristopheDuong