Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow credentials to support OAuth and personal access tokens #1372

Closed
thedadams opened this issue Jan 21, 2025 · 1 comment
Closed

Allow credentials to support OAuth and personal access tokens #1372

thedadams opened this issue Jan 21, 2025 · 1 comment
Assignees
@thedadams @ivyjeong13
Labels
feature

Comments

@thedadams
Copy link
Contributor

thedadams commented Jan 21, 2025
edited
Loading

This feature encompases changes to the Obot OAuth credential that will allow tools to specify that it supports OAuth and PATs.

A tool will be able to specify that PATs are acceptable via a metadata field. If PATs are acceptable by the tool, then, when the user adds the tool, they will have the option of using OAuth or a personal access token.

Backend changes

  1. Add a new metadata field to tools that support PATs. I am going with oauthPATAllowed.
  2. Change the OAuth credential in Obot tools to prompt for a PAT if no OAuth URLs are sent.
  3. Change two things in Obot:
    a. Make the Global field on OAuth apps default to false.
    b. Send some configuration to the oauth tool to indicate that it can/should prompt for a PAT if not OAuth URLs are sent.

Frontend changes

The flow for adding a tool that uses OAuth should be the following:

  1. User adds tool to agent that requires some OAuth.
  2. If the tool also indicates that is supports PAT, then ask the user which they would like to do.
    a. If they choose PAT, then add the tool to the agent and you're done. Otherwise, continue with these steps.
  3. If the OAuth app in question has not been configured, then prompt them to go configure the OAuth app and come back (or do a configuration modal right there if that is easy to do). Additionally, the OAuth app should not set the global field anymore.
  4. If the OAuth app is configured, then add it to the oauthApps field on the agent at the same time the tool is added to the tools field.
    a. One sidenote here is that we also need to remove the OAuth app from the oauthApps field on the agent when removing a tool, but only when removing the last tool that uses that OAuth app.

The UI also maintains "default OAuth apps" that are assumed to be configured, but a user can "replace" their configuration. An example of such an app is GitHub or Slack (and a non-example is Jira). The concept of a preconfigured or default OAuth app is going away. If a user wants to use an OAuth app, then it must be configured in Obot.
@thedadams thedadams self-assigned this Jan 21, 2025
This was referenced Jan 22, 2025
Merged
Merged
@sangee2004
Copy link

Tools are now allowed to support OAUTH as well as PAT

  1. When adding github tool, user is promoted to choose one of the following 2 options
Image

  1. If PAT is chosen , then user is asked to enter AccessToken when chatting with the agent / when Pre authenticating the tool.

  2. If Oauth is chosen, then user is presented with option to configure the oauth . Up on successful completion, oauth gets set as credential provider.

Image

User is asked to go thru oauth flow when chatting with the agent / when Pre authenticating the tool.

No Oauth App is configured by default. User will need to configure them , if they want to use it in agent/workflow.

Issues found when testing this feature will be tracked as separate issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@thedadams thedadams

@ivyjeong13 ivyjeong13

Labels
feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@thedadams @ivyjeong13 @sangee2004