Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Basic JWT-based authentication and authorization #8627

Open
wants to merge 25 commits into
base: main
Choose a base branch
from
Open

Basic JWT-based authentication and authorization #8627

wants to merge 25 commits into from

Conversation

grtlr
Copy link
Contributor

@grtlr grtlr commented Jan 9, 2025
edited
Loading

What

This adds a new re_auth crate with the following features:

  • JWT-based symmetric authorization and authentication (basic read/write modes).
  • Rerun-ified abstraction over jwt-simple so that we can swap it out.
  • Helpers to convert a SecretKey from/to base64 to be used with redap-cli.
  • tonic::Interceptors for both client and server side middleware with an authorization: Bearer <token> header.

Here is what a SecretKey (HS256) looks like in base64:

pBiQ9NVDj1elVjATgyL5EYri/9paHwvz78lsx7QCq9E=

We can use that to generate a basic token:

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJyZWRhcC1jbGkiLCJzdWIiOiJqb2NoZW5AcmVydW4uaW8iLCJhdWQiOiJyZWRhcCIsImV4cCI6MTczNjg3MjUzNCwiaWF0IjoxNzM2ODQ0NTM0fQ.QHI99cXIi4VjhZKBJmLb13NynOjvmUWuxy63CUwiBlA

Which you can verify yourself via www.jwt.io.

image

@grtlr grtlr added exclude from changelog PRs with this won't show up in CHANGELOG.md dataplatform Rerun Data Platform integration labels Jan 9, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 9, 2025
edited
Loading

Web viewer built successfully. If applicable, you should also test it:

  • I have tested the web viewer
Result Commit Link Manifest
0a01c19 https://rerun.io/viewer/pr/8627 +nightly +main

Note: This comment is updated whenever you push a commit.

@grtlr grtlr marked this pull request as ready for review January 10, 2025 13:54
jleibs
jleibs reviewed Jan 10, 2025
View reviewed changes
crates/store/re_auth/src/lib.rs Outdated Show resolved Hide resolved
crates/store/re_auth/src/permission.rs Outdated Show resolved Hide resolved
@grtlr grtlr marked this pull request as draft January 13, 2025 10:35
@grtlr grtlr marked this pull request as ready for review January 13, 2025 16:36
@grtlr grtlr marked this pull request as draft January 13, 2025 18:27
zehiko
zehiko approved these changes Jan 14, 2025
View reviewed changes
Copy link
Contributor

@zehiko zehiko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't have all the context on what was discussed, but this is really easy to follow code and having a notion of "provider" that can later be switched with some other components makes sense to me.

@grtlr
Copy link
Contributor Author

grtlr commented Jan 14, 2025

@jleibs it would be awesome if you could also have another look. 🙏

@grtlr grtlr marked this pull request as ready for review January 14, 2025 14:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zehiko zehiko zehiko approved these changes

@jleibs jleibs jleibs approved these changes

Assignees
No one assigned
Labels
dataplatform Rerun Data Platform integration exclude from changelog PRs with this won't show up in CHANGELOG.md
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@grtlr @jleibs @zehiko