-
Notifications
You must be signed in to change notification settings - Fork 123
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Feat: bearer token authentication support (#591)
* bearer token authentication provider support * add tests and checks, move auth file to separate dir * fix error message * remove locks * rename var * refactoring: refactor exceptions, fix mypy * fix: regen async * tests: extend token tests to check token updates * new: add warning when auth token provider is used with an insecure connection * fix: propagate auth token to rest client even with prefer_grpc set --------- Co-authored-by: George Panchuk <[email protected]>
- Loading branch information
Showing
9 changed files
with
363 additions
and
86 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
from qdrant_client.auth.bearer_auth import BearerAuth |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
import asyncio | ||
from typing import Awaitable, Callable, Optional, Union | ||
|
||
import httpx | ||
|
||
|
||
class BearerAuth(httpx.Auth): | ||
def __init__( | ||
self, | ||
auth_token_provider: Union[Callable[[], str], Callable[[], Awaitable[str]]], | ||
): | ||
self.async_token: Optional[Callable[[], Awaitable[str]]] = None | ||
self.sync_token: Optional[Callable[[], str]] = None | ||
|
||
if asyncio.iscoroutinefunction(auth_token_provider): | ||
self.async_token = auth_token_provider | ||
else: | ||
if callable(auth_token_provider): | ||
self.sync_token = auth_token_provider # type: ignore | ||
else: | ||
raise ValueError("auth_token_provider must be a callable or awaitable") | ||
|
||
def _sync_get_token(self) -> str: | ||
if self.sync_token is None: | ||
raise ValueError("Synchronous token provider is not set.") | ||
return self.sync_token() | ||
|
||
def sync_auth_flow(self, request: httpx.Request) -> httpx.Request: | ||
token = self._sync_get_token() | ||
request.headers["Authorization"] = f"Bearer {token}" | ||
yield request | ||
|
||
async def _async_get_token(self) -> str: | ||
if self.async_token is not None: | ||
return await self.async_token() # type: ignore | ||
# Fallback to synchronous token if asynchronous token is not available | ||
return self._sync_get_token() | ||
|
||
async def async_auth_flow(self, request: httpx.Request) -> httpx.Request: | ||
token = await self._async_get_token() | ||
request.headers["Authorization"] = f"Bearer {token}" | ||
yield request |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.