Rationale
I’d like to integrate Girder with external apps through the OAuth flow. Possible use cases:
- Girder user would like to create a job that accesses a private repo from GitHub using their credentials.
- Girder user would like to access/import data from a Globus endpoint
Approach
I’d like to avoid rewriting oauth_login
plugin and reuse as much code as possible. I think that in order to achieve my goals it would be sufficient to short-circuit the login process based on events. As an example an event handler for oauth.auth_callback.before
could store the provider’s access token in the User model and stop further code execution in GET /oauth/<provider>/callback
:
diff --git a/plugins/oauth/girder_oauth/rest.py b/plugins/oauth/girder_oauth/rest.py
index 5a1b92624..63ca4e74b 100644
--- a/plugins/oauth/girder_oauth/rest.py
+++ b/plugins/oauth/girder_oauth/rest.py
@@ -133,18 +133,23 @@ class OAuth(Resource):
providerObj = provider(cherrypy.url())
token = providerObj.getToken(code)
- events.trigger('oauth.auth_callback.before', {
+ event = events.trigger('oauth.auth_callback.before', {
'provider': provider,
'token': token
})
+ if event.defaultPrevented:
+ raise cherrypy.HTTPRedirect(redirect)
+
user = providerObj.getUser(token)
- events.trigger('oauth.auth_callback.after', {
+ event = events.trigger('oauth.auth_callback.after', {
'provider': provider,
'token': token,
'user': user
})
+ if event.defaultPrevented:
+ raise cherrypy.HTTPRedirect(redirect)
girderToken = self.sendAuthTokenCookie(user)
try:
Please let me know if that’s a reasonable approach.