Skip to content

Commit 3b63ed8

Browse files
committed
update cli for generic oauth2 ; support 2 auth servers to check tokens in back
1 parent 9c133a5 commit 3b63ed8

4 files changed

Lines changed: 32 additions & 10 deletions

File tree

carbonserver/carbonserver/api/services/auth_providers/oidc_auth_provider.py

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,12 +8,18 @@
88
from typing import Any, Dict, Optional, Tuple
99

1010
from authlib.integrations.starlette_client import OAuth
11+
from authlib.jose import JsonWebKey
12+
from authlib.jose import jwt as jose_jwt
13+
from fief_client import FiefAsync
1114

1215
from carbonserver.config import settings
1316

1417
DEFAULT_SIGNATURE_CACHE_TTL = 3600 # seconds
1518
OAUTH_SCOPES = ["openid", "email", "profile"]
1619

20+
fief = FiefAsync(
21+
settings.fief_url, settings.fief_client_id, settings.fief_client_secret
22+
)
1723

1824
oauth = OAuth()
1925
oauth.register(
@@ -44,3 +50,20 @@ async def get_authorize_url(self, request, login_url):
4450

4551
def get_client_credentials(self) -> Tuple[str, str]:
4652
return (self.client.client_id, self.client.client_secret)
53+
54+
async def _decode_token(self, token: str) -> Dict[str, Any]:
55+
try:
56+
access_token_info = await fief.validate_access_token(token)
57+
return access_token_info
58+
except Exception:
59+
...
60+
61+
jwks_data = await self.client.fetch_jwk_set()
62+
keyset = JsonWebKey.import_key_set(jwks_data)
63+
claims = jose_jwt.decode(token, keyset)
64+
claims.validate()
65+
return dict(claims)
66+
67+
async def validate_access_token(self, token: str) -> bool:
68+
await self._decode_token(token)
69+
return True

carbonserver/carbonserver/api/services/auth_service.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -64,7 +64,7 @@ async def __call__(
6464
await auth_provider.validate_access_token(bearer_token.credentials)
6565
except Exception:
6666
raise HTTPException(status_code=401, detail="Invalid token")
67-
# cli user using auth provider token
67+
6868
self.auth_user = jwt.decode(
6969
bearer_token.credentials,
7070
options={"verify_signature": False},

codecarbon/cli/main.py

Lines changed: 7 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -8,8 +8,6 @@
88
import questionary
99
import requests
1010
import typer
11-
from fief_client import Fief
12-
from fief_client.integrations.cli import FiefAuth
1311
from rich import print
1412
from rich.prompt import Confirm
1513
from typing_extensions import Annotated
@@ -23,6 +21,7 @@
2321
overwrite_local_config,
2422
)
2523
from codecarbon.cli.monitor import run_and_monitor
24+
from codecarbon.cli.oidc_auth import OIDCAuth
2625
from codecarbon.core.api_client import ApiClient, get_datetime_with_timezone
2726
from codecarbon.core.schemas import ExperimentCreate, OrganizationCreate, ProjectCreate
2827
from codecarbon.emissions_tracker import EmissionsTracker, OfflineEmissionsTracker
@@ -115,15 +114,14 @@ def show_config(path: Path = Path("./.codecarbon.config")) -> None:
115114
)
116115

117116

118-
def get_fief_auth():
119-
fief = Fief(AUTH_SERVER_URL, AUTH_CLIENT_ID)
120-
fief_auth = FiefAuth(fief, "./credentials.json")
121-
return fief_auth
117+
def get_oidc_auth():
118+
oidc_auth = OIDCAuth(AUTH_SERVER_URL, AUTH_CLIENT_ID, "./credentials.json")
119+
return oidc_auth
122120

123121

124122
def _get_access_token():
125123
try:
126-
access_token_info = get_fief_auth().access_token_info()
124+
access_token_info = get_oidc_auth().access_token_info()
127125
access_token = access_token_info["access_token"]
128126
return access_token
129127
except Exception as e:
@@ -133,7 +131,7 @@ def _get_access_token():
133131

134132

135133
def _get_id_token():
136-
id_token = get_fief_auth()._tokens["id_token"]
134+
id_token = get_oidc_auth().get_id_token()
137135
return id_token
138136

139137

@@ -152,7 +150,7 @@ def api_get():
152150

153151
@codecarbon.command("login", short_help="Login to CodeCarbon")
154152
def login():
155-
get_fief_auth().authorize()
153+
get_oidc_auth().authorize()
156154
api = ApiClient(endpoint_url=API_URL) # TODO: get endpoint from config
157155
access_token = _get_access_token()
158156
api.set_access_token(access_token)

pyproject.toml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -43,6 +43,7 @@ dependencies = [
4343
"questionary",
4444
"rich",
4545
"typer",
46+
"python-jose[cryptography]>=3.4.0",
4647
]
4748

4849
[tool.setuptools.dynamic]

0 commit comments

Comments
 (0)