Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(app): dynamic authentication provider support (release-1.4) (not for merge) #2217

Open
wants to merge 1 commit into
base: release-1.4
Choose a base branch
from
Open

feat(app): dynamic authentication provider support (release-1.4) (not for merge) #2217

wants to merge 1 commit into from

Conversation

gashcrumb
Copy link
Member

@gashcrumb gashcrumb commented Jan 21, 2025
edited
Loading

Description

This change adds support for loading authentication providers or modules
from dynamic plugins via 3 main changes to the code.

First, an environment variable ENABLE_AUTH_PROVIDER_MODULE_OVERRIDE
controls whether or not the backend installs the default authentication
provider module. When this override is enabled dynamic plugins can be
used to supply custom authentication providers.

Secondly this change also adds a signInPage configuration for frontend
dynamic plugins which is required for dynamic plugins to be able to
provide a custom SignInPage component, for example:

dynamicPlugins:
  frontend:
    my-plugin-package:
      signInPage:
        importName: CustomSignInPage

Where the named export CustomSignInPage will be mapped to
components.SignInPage when the frontend is initialized.

Finally, to ensure authentication providers can be managed by the user a
new providerSettings configuration field is available for frontend
dynamic plugins, which can be used to inform the user settings page of
the new provider, for example:

dynamicPlugins:
  frontend:
    my-plugin-package:
      providerSettings:
        - title: Github Two
          description: Sign in with GitHub Org Two
          provider: core.auth.github-two

Each providerSettings item will be turned into a new row under the
"Authentication Providers" tab on the user settings page. The
provider field is used to look up and connect the API ref for the
external authentication provider and should be the same string used when
calling createApiRef, for example:

export const ghTwoAuthApiRef: ApiRef<
  OAuthApi & ProfileInfoApi & BackstageIdentityApi & SessionApi
> = createApiRef({
  id: 'core.auth.github-two',  // <--- this string
})

Which issue(s) does this PR fix

This is a manual cherry-pick of #2167 onto release-1.4

PR acceptance criteria

Please make sure that the following steps are complete:

  • GitHub Actions are completed and successful
  • Unit Tests are updated and passing
  • E2E Tests are updated and passing
  • Documentation is updated if necessary (requirement for new features)
  • Add a screenshot if the change is UX/UI related

How to test changes / Special notes to the reviewer

It's mostly enough to ensure that this change does not break the existing e2e tests. However to actually try this out locally I've prepared this example here.

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jan 21, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from gashcrumb. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@nickboldt
Copy link
Member

nickboldt commented Jan 21, 2025
edited
Loading

Just to clarify why this is labelled with [do-not-merge/hold](https://github.com/redhat-developer/rhdh/labels/do-not-merge%2Fhold) -- this is a proof of concept for a feature coming in 1.5, to see if it also works in 1.4.z. But it is not currently planned to be merged into the 1.4 code base, as we are trying to avoid feature-creep by adding new features in z-stream maintenance.

For an image that won't expire immediately, see quay.io/rhdh-community/rhdh:pr-2217-5aabfbde or the :RHDH-5484 tag.

@github-actions GitHub Actions
Copy link
Contributor

The image is available at:

@github-actions GitHub Actions
Copy link
Contributor

This PR is stale because it has been open 7 days with no activity. Remove stale label or comment or this will be closed in 21 days.

@github-actions github-actions bot added the Stale label Jan 29, 2025
@gashcrumb gashcrumb removed the Stale label Jan 29, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 6, 2025

This PR is stale because it has been open 7 days with no activity. Remove stale label or comment or this will be closed in 21 days.

@github-actions github-actions bot added the Stale label Feb 6, 2025
@gashcrumb gashcrumb removed the Stale label Feb 7, 2025
@github-actions GitHub Actions
Copy link
Contributor

The image is available at:

@gashcrumb
feat(app): dynamic authentication provider support
6d8ac62 
This change adds support for loading authentication providers or modules
from dynamic plugins via 3 main changes to the code.

First, an environment variable `ENABLE_AUTH_PROVIDER_MODULE_OVERRIDE`
controls whether or not the backend installs the default authentication
provider module.  When this override is enabled dynamic plugins can be
used to supply custom authentication providers.

Secondly this change also adds a `signInPage` configuration for frontend
dynamic plugins which is required for dynamic plugins to be able to
provide a custom SignInPage component, for example:

```yaml
dynamicPlugins:
  frontend:
    my-plugin-package:
      signInPage:
	    importName: CustomSignInPage
```

Where the named export `CustomSignInPage` will be mapped to
`components.SignInPage` when the frontend is initialized.

Finally, to ensure authentication providers can be managed by the user a
new `providerSettings` configuration field is available for frontend
dynamic plugins, which can be used to inform the user settings page of
the new provider, for example:

```yaml
dynamicPlugins:
  frontend:
    my-plugin-package:
      providerSettings:
	  - title: Github Two
	    description: Sign in with GitHub Org Two
	    provider: core.auth.github-two
```

Each `providerSettings` item will be turned into a new row under the
"Authentication Providers" tab on the user settings page.  The
`provider` field is used to look up and connect the API ref for the
external authentication provider and should be the same string used when
calling `createApiRef`, for example:

```javascript
export const ghTwoAuthApiRef: ApiRef<
  OAuthApi & ProfileInfoApi & BackstageIdentityApi & SessionApi
> = createApiRef({
  id: 'core.auth.github-two',  // <--- this string
})
```

Signed-off-by: Stan Lewis <[email protected]>
@gashcrumb gashcrumb changed the title feat(app): dynamic authentication provider support (release-1.4) feat(app): dynamic authentication provider support (release-1.4) (not for merge) Feb 13, 2025
@github-actions GitHub Actions
Copy link
Contributor

The image is available at:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dzemanov dzemanov Awaiting requested review from dzemanov

@its-mitesh-kumar its-mitesh-kumar Awaiting requested review from its-mitesh-kumar

Assignees
No one assigned
Labels
do-not-merge/hold status/blocked
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gashcrumb @nickboldt