Update Authlib and pass verify flag downstream

README.md

@@ -23,14 +23,14 @@ You can see an example usage below:
 
 ```python
 from seldon_deploy_sdk import EnvironmentApi, Configuration, ApiClient
-from seldon_deploy_sdk.auth import OIDCAuthenticator
+from seldon_deploy_sdk.auth import AuthMethod, OIDCAuthenticator
 
 config = Configuration()
 config.host = "http://X.X.X.X/seldon-deploy/api/v1alpha1"
 config.oidc_client_id = "sd-api"
 config.oidc_client_secret = "sd-api-secret"
 config.oidc_server = "http://X.X.X.X/auth/realms/deploy-realm"
-config.auth_method = "auth_code"
+config.auth_method = AuthMethod.AUTH_CODE
 
 auth = OIDCAuthenticator(config)
 config.id_token = auth.authenticate()

python/licenses/license.txt

@@ -1,5 +1,5 @@
 Authlib
-0.15.5
+1.0.1
 BSD License
 BSD 3-Clause License
 

python/licenses/license_info.csv

@@ -1,5 +1,5 @@
 "Name","Version","License"
-"Authlib","0.15.5","BSD License"
+"Authlib","1.0.1","BSD License"
 "certifi","2022.9.24","Mozilla Public License 2.0 (MPL 2.0)"
 "cffi","1.15.1","MIT License"
 "cryptography","38.0.1","Apache Software License; BSD License"

python/seldon_deploy_sdk/auth/__init__.py

@@ -1,4 +1,5 @@
+from .base import AuthMethod
 from .session import SessionAuthenticator
 from .openid import OIDCAuthenticator
 
-__all__ = ["SessionAuthenticator", "OIDCAuthenticator"]
+__all__ = ["AuthMethod", "SessionAuthenticator", "OIDCAuthenticator"]

python/seldon_deploy_sdk/auth/openid.py

@@ -1,10 +1,11 @@
 import logging
 import os
 import urllib3
+import webbrowser
 
 from typing import Dict
 from urllib.parse import urlencode
-from authlib.integrations.base_client import FrameworkIntegration, RemoteApp
+from authlib.integrations.base_client import FrameworkIntegration, OAuth2Mixin
 from authlib.integrations.requests_client import OAuth2Session
 
 from ..configuration import Configuration
@@ -21,10 +22,6 @@
 ACCESS_TOKEN_FIELD = "access_token"
 
 
-class OIDCIntegration(FrameworkIntegration):
-    oauth2_client_cls = OAuth2Session
-
-
 def _get_token(token: Dict[str, str]) -> str:
     if ID_TOKEN_FIELD not in token:
         logger.info(
@@ -43,7 +40,6 @@ def __init__(self, config: Configuration):
         super().__init__(config)
 
         if not config.verify_ssl:
-            os.environ["CURL_CA_BUNDLE"] = ""
             urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
 
         if config.oidc_server is None:
@@ -64,13 +60,15 @@ def __init__(self, config: Configuration):
 
         server_metadata_url = f"{config.oidc_server}/.well-known/openid-configuration"
 
-        self._app = RemoteApp(
-            framework=OIDCIntegration,
+        self._app = OAuth2Mixin(
+            framework=FrameworkIntegration,
+            client_kwargs={"verify": config.verify_ssl},
             client_id=config.oidc_client_id,
             client_secret=config.oidc_client_secret,
             server_metadata_url=server_metadata_url,
             access_token_params=access_token_params,
         )
+        self._app.client_cls = OAuth2Session
         self._app.load_server_metadata()
 
     @_soft_deprecate  # type: ignore
@@ -109,10 +107,15 @@ def _use_authorization_code(self):
             state=self._AuthCodeState,
             scope=self._config.scope,
         )["url"]
+
+        webbrowser.open_new_tab(request_url)
         print(
-            "Please copy the following URL into a browser to log in.",
-            "You will be redirected and shown a code to copy and paste here.",
-            f"\n\n\t'{request_url}'\n\n",
+            "The following URL should have opened now on a new tab, where you "
+            "will be able to log in.\n"
+            "If it hasn't, please copy the following URL into a browser.\n"
+            "Once you have logged in, you will be redirected and will be shown a code "
+            "to copy and paste below."
+            f"\n\n\t{request_url}\n\n"
         )
         response_code = self._get_response_code()
         response_code_query = urlencode({"code": response_code})

python/setup.py

@@ -27,9 +27,9 @@
     "python-dateutil>=2.1",
     "six>=1.10",
     "urllib3>=1.23",
-    "Authlib<=0.16.0",
+    "Authlib>=1.0.0,<1.1.0",
 ]
-    
+
 
 setup(
     name=NAME,

templates/python/auth/__init__.py

@@ -1,4 +1,5 @@
+from .base import AuthMethod
 from .session import SessionAuthenticator
 from .openid import OIDCAuthenticator
 
-__all__ = ["SessionAuthenticator", "OIDCAuthenticator"]
+__all__ = ["AuthMethod", "SessionAuthenticator", "OIDCAuthenticator"]

templates/python/auth/openid.py

@@ -1,10 +1,11 @@
 import logging
 import os
 import urllib3
+import webbrowser
 
 from typing import Dict
 from urllib.parse import urlencode
-from authlib.integrations.base_client import FrameworkIntegration, RemoteApp
+from authlib.integrations.base_client import FrameworkIntegration, OAuth2Mixin
 from authlib.integrations.requests_client import OAuth2Session
 
 from ..configuration import Configuration
@@ -21,10 +22,6 @@
 ACCESS_TOKEN_FIELD = "access_token"
 
 
-class OIDCIntegration(FrameworkIntegration):
-    oauth2_client_cls = OAuth2Session
-
-
 def _get_token(token: Dict[str, str]) -> str:
     if ID_TOKEN_FIELD not in token:
         logger.info(
@@ -43,7 +40,6 @@ def __init__(self, config: Configuration):
         super().__init__(config)
 
         if not config.verify_ssl:
-            os.environ["CURL_CA_BUNDLE"] = ""
             urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
 
         if config.oidc_server is None:
@@ -64,13 +60,15 @@ def __init__(self, config: Configuration):
 
         server_metadata_url = f"{config.oidc_server}/.well-known/openid-configuration"
 
-        self._app = RemoteApp(
-            framework=OIDCIntegration,
+        self._app = OAuth2Mixin(
+            framework=FrameworkIntegration,
+            client_kwargs={"verify": config.verify_ssl},
             client_id=config.oidc_client_id,
             client_secret=config.oidc_client_secret,
             server_metadata_url=server_metadata_url,
             access_token_params=access_token_params,
         )
+        self._app.client_cls = OAuth2Session
         self._app.load_server_metadata()
 
     @_soft_deprecate  # type: ignore
@@ -109,10 +107,15 @@ def _use_authorization_code(self):
             state=self._AuthCodeState,
             scope=self._config.scope,
         )["url"]
+
+        webbrowser.open_new_tab(request_url)
         print(
-            "Please copy the following URL into a browser to log in.",
-            "You will be redirected and shown a code to copy and paste here.",
-            f"\n\n\t'{request_url}'\n\n",
+            "The following URL should have opened now on a new tab, where you "
+            "will be able to log in.\n"
+            "If it hasn't, please copy the following URL into a browser.\n"
+            "Once you have logged in, you will be redirected and will be shown a code "
+            "to copy and paste below."
+            f"\n\n\t{request_url}\n\n"
         )
         response_code = self._get_response_code()
         response_code_query = urlencode({"code": response_code})

templates/python/setup.mustache

@@ -21,9 +21,9 @@ REQUIRES = [
     "python-dateutil>=2.1",
     "six>=1.10",
     "urllib3>=1.23",
-    "Authlib<=0.16.0",
+    "Authlib>=1.0.0,<1.1.0",
 ]
-    
+
 {{#asyncio}}
 REQUIRES.append("aiohttp")
 {{/asyncio}}