diff --git a/README.md b/README.md index 9e26a22..4758f54 100644 --- a/README.md +++ b/README.md @@ -23,14 +23,14 @@ You can see an example usage below: ```python from seldon_deploy_sdk import EnvironmentApi, Configuration, ApiClient -from seldon_deploy_sdk.auth import OIDCAuthenticator +from seldon_deploy_sdk.auth import AuthMethod, OIDCAuthenticator config = Configuration() config.host = "http://X.X.X.X/seldon-deploy/api/v1alpha1" config.oidc_client_id = "sd-api" config.oidc_client_secret = "sd-api-secret" config.oidc_server = "http://X.X.X.X/auth/realms/deploy-realm" -config.auth_method = "auth_code" +config.auth_method = AuthMethod.AUTH_CODE auth = OIDCAuthenticator(config) config.id_token = auth.authenticate() diff --git a/python/licenses/license.txt b/python/licenses/license.txt index b1326f4..6682ce2 100644 --- a/python/licenses/license.txt +++ b/python/licenses/license.txt @@ -1,5 +1,5 @@ Authlib -0.15.5 +1.0.1 BSD License BSD 3-Clause License diff --git a/python/licenses/license_info.csv b/python/licenses/license_info.csv index bc1db6b..d4ead39 100644 --- a/python/licenses/license_info.csv +++ b/python/licenses/license_info.csv @@ -1,10 +1,10 @@ "Name","Version","License" -"Authlib","0.15.5","BSD License" -"certifi","2022.6.15","Mozilla Public License 2.0 (MPL 2.0)" +"Authlib","1.0.1","BSD License" +"certifi","2022.9.24","Mozilla Public License 2.0 (MPL 2.0)" "cffi","1.15.1","MIT License" -"cryptography","37.0.4","Apache Software License; BSD License" +"cryptography","38.0.1","Apache Software License; BSD License" "pycparser","2.21","BSD License" "python-dateutil","2.8.2","Apache Software License; BSD License" -"seldon-deploy-sdk","1.6.0","UNKNOWN" +"seldon-deploy-sdk","2.0.0.dev0","UNKNOWN" "six","1.16.0","MIT License" "urllib3","1.26.12","MIT License" \ No newline at end of file diff --git a/python/seldon_deploy_sdk/auth/__init__.py b/python/seldon_deploy_sdk/auth/__init__.py index 11cf15e..b9f75a2 100644 --- a/python/seldon_deploy_sdk/auth/__init__.py +++ b/python/seldon_deploy_sdk/auth/__init__.py @@ -1,4 +1,5 @@ +from .base import AuthMethod from .session import SessionAuthenticator from .openid import OIDCAuthenticator -__all__ = ["SessionAuthenticator", "OIDCAuthenticator"] +__all__ = ["AuthMethod", "SessionAuthenticator", "OIDCAuthenticator"] diff --git a/python/seldon_deploy_sdk/auth/openid.py b/python/seldon_deploy_sdk/auth/openid.py index 22e5e2e..78c2c7c 100644 --- a/python/seldon_deploy_sdk/auth/openid.py +++ b/python/seldon_deploy_sdk/auth/openid.py @@ -1,10 +1,11 @@ import logging import os import urllib3 +import webbrowser from typing import Dict from urllib.parse import urlencode -from authlib.integrations.base_client import FrameworkIntegration, RemoteApp +from authlib.integrations.base_client import FrameworkIntegration, OAuth2Mixin from authlib.integrations.requests_client import OAuth2Session from ..configuration import Configuration @@ -21,10 +22,6 @@ ACCESS_TOKEN_FIELD = "access_token" -class OIDCIntegration(FrameworkIntegration): - oauth2_client_cls = OAuth2Session - - def _get_token(token: Dict[str, str]) -> str: if ID_TOKEN_FIELD not in token: logger.info( @@ -43,7 +40,6 @@ def __init__(self, config: Configuration): super().__init__(config) if not config.verify_ssl: - os.environ["CURL_CA_BUNDLE"] = "" urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) if config.oidc_server is None: @@ -64,13 +60,15 @@ def __init__(self, config: Configuration): server_metadata_url = f"{config.oidc_server}/.well-known/openid-configuration" - self._app = RemoteApp( - framework=OIDCIntegration, + self._app = OAuth2Mixin( + framework=FrameworkIntegration, + client_kwargs={"verify": config.verify_ssl}, client_id=config.oidc_client_id, client_secret=config.oidc_client_secret, server_metadata_url=server_metadata_url, access_token_params=access_token_params, ) + self._app.client_cls = OAuth2Session self._app.load_server_metadata() @_soft_deprecate # type: ignore @@ -109,10 +107,15 @@ def _use_authorization_code(self): state=self._AuthCodeState, scope=self._config.scope, )["url"] + + webbrowser.open_new_tab(request_url) print( - "Please copy the following URL into a browser to log in.", - "You will be redirected and shown a code to copy and paste here.", - f"\n\n\t'{request_url}'\n\n", + "The following URL should have opened now on a new tab, where you " + "will be able to log in.\n" + "If it hasn't, please copy the following URL into a browser.\n" + "Once you have logged in, you will be redirected and will be shown a code " + "to copy and paste below." + f"\n\n\t{request_url}\n\n" ) response_code = self._get_response_code() response_code_query = urlencode({"code": response_code}) diff --git a/python/setup.py b/python/setup.py index cbfd443..c1db21c 100644 --- a/python/setup.py +++ b/python/setup.py @@ -27,9 +27,9 @@ "python-dateutil>=2.1", "six>=1.10", "urllib3>=1.23", - "Authlib<=0.16.0", + "Authlib>=1.0.0,<1.1.0", ] - + setup( name=NAME, diff --git a/templates/python/auth/__init__.py b/templates/python/auth/__init__.py index 11cf15e..b9f75a2 100644 --- a/templates/python/auth/__init__.py +++ b/templates/python/auth/__init__.py @@ -1,4 +1,5 @@ +from .base import AuthMethod from .session import SessionAuthenticator from .openid import OIDCAuthenticator -__all__ = ["SessionAuthenticator", "OIDCAuthenticator"] +__all__ = ["AuthMethod", "SessionAuthenticator", "OIDCAuthenticator"] diff --git a/templates/python/auth/openid.py b/templates/python/auth/openid.py index 22e5e2e..78c2c7c 100644 --- a/templates/python/auth/openid.py +++ b/templates/python/auth/openid.py @@ -1,10 +1,11 @@ import logging import os import urllib3 +import webbrowser from typing import Dict from urllib.parse import urlencode -from authlib.integrations.base_client import FrameworkIntegration, RemoteApp +from authlib.integrations.base_client import FrameworkIntegration, OAuth2Mixin from authlib.integrations.requests_client import OAuth2Session from ..configuration import Configuration @@ -21,10 +22,6 @@ ACCESS_TOKEN_FIELD = "access_token" -class OIDCIntegration(FrameworkIntegration): - oauth2_client_cls = OAuth2Session - - def _get_token(token: Dict[str, str]) -> str: if ID_TOKEN_FIELD not in token: logger.info( @@ -43,7 +40,6 @@ def __init__(self, config: Configuration): super().__init__(config) if not config.verify_ssl: - os.environ["CURL_CA_BUNDLE"] = "" urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) if config.oidc_server is None: @@ -64,13 +60,15 @@ def __init__(self, config: Configuration): server_metadata_url = f"{config.oidc_server}/.well-known/openid-configuration" - self._app = RemoteApp( - framework=OIDCIntegration, + self._app = OAuth2Mixin( + framework=FrameworkIntegration, + client_kwargs={"verify": config.verify_ssl}, client_id=config.oidc_client_id, client_secret=config.oidc_client_secret, server_metadata_url=server_metadata_url, access_token_params=access_token_params, ) + self._app.client_cls = OAuth2Session self._app.load_server_metadata() @_soft_deprecate # type: ignore @@ -109,10 +107,15 @@ def _use_authorization_code(self): state=self._AuthCodeState, scope=self._config.scope, )["url"] + + webbrowser.open_new_tab(request_url) print( - "Please copy the following URL into a browser to log in.", - "You will be redirected and shown a code to copy and paste here.", - f"\n\n\t'{request_url}'\n\n", + "The following URL should have opened now on a new tab, where you " + "will be able to log in.\n" + "If it hasn't, please copy the following URL into a browser.\n" + "Once you have logged in, you will be redirected and will be shown a code " + "to copy and paste below." + f"\n\n\t{request_url}\n\n" ) response_code = self._get_response_code() response_code_query = urlencode({"code": response_code}) diff --git a/templates/python/setup.mustache b/templates/python/setup.mustache index 021bedc..9763da3 100644 --- a/templates/python/setup.mustache +++ b/templates/python/setup.mustache @@ -21,9 +21,9 @@ REQUIRES = [ "python-dateutil>=2.1", "six>=1.10", "urllib3>=1.23", - "Authlib<=0.16.0", + "Authlib>=1.0.0,<1.1.0", ] - + {{#asyncio}} REQUIRES.append("aiohttp") {{/asyncio}}