AKSW / RDFUnit

An RDF Unit Testing Suite
http://RDFUnit.aksw.org
Apache License 2.0
155 stars 40 forks source link

Feature: Allow for using bearer token with secured SPARQL endpoints #122

Open seebi opened 2 years ago

seebi commented 2 years ago

Expected Behavior

In the coypu project, we need to fetch data from graphs which are in SPARQL endpoints secured with OAUTH2 (client credential flow).

Given an available token, which is provided via an environment variable (e.g. RDFUNIT_BEARER_TOKEN), the expected behaviour of this feature is, that rdfunit uses this token to provide authentication to the endpoint.

This is basically as easy as adding the following header to all HTTP requests to the SPARQL endpoint:

Authorization: Bearer ${RDFUNIT_BEARER_TOKEN}

Reference: https://www.rfc-editor.org/rfc/rfc6750#section-2

Actual Behavior

rdfunit is not able to use token based authentication on endpoints

Test Environment

Given the following cmemc config, you can fetch a token as follows with cmemc.

$ cat cmemc.ini
[pm.coypu.org]
CMEM_BASE_URI=https://pm.coypu.org/
OAUTH_GRANT_TYPE=client_credentials
OAUTH_CLIENT_ID=cmem-service-account
OAUTH_CLIENT_SECRET=...

$ cmemc --config-file cmemc.ini -c pm.coypu.org admin token
[token here]

# authenticated
$ curl -H "Authorization: Bearer $(cmemc --config-file cmemc.ini -c pm.coypu.org admin token)" https://pm.coypu.org/dataplatform/proxy/default/sparql -G --data-urlencode "query=SELECT ?noop WHERE {BIND ('output' AS ?noop)}"
[query result here]

# NOT authenticated
$ curl https://pm.coypu.org/dataplatform/proxy/default/sparql -G --data-urlencode "query=SELECT ?noop WHERE {BIND ('output' AS ?noop)}"
{"title":"Unauthorized","status":401,"detail":"Full authentication is required to access this resource"}%

Team

@Aklakan will implement this @mgns @rpietzsch and @seebi are happy to test this and provide feedback

What this request is not about

This request is not about how this token fetched from an identity provider. Assuming the token is available is ok.

mgns commented 2 years ago

Draft implementation of this feature in https://github.com/mgns/RDFUnit/tree/feature/bearerTokenSupport