search

airbytehq / airbyte

The leading data integration platform for ETL / ELT data pipelines from APIs, databases & files to data warehouses, data lakes & data lakehouses. Both self-hosted and Cloud-hosted.
https://airbyte.com
Other
15.68k stars 4.02k forks source link

Low-code CDK: Support JWT bearer token oauth flow #25728

Closed belgiandieter closed 5 months ago

belgiandieter commented 1 year ago

Component Description

I was trying to pull meta-data from google cloud and found that the authentication method is not supported by the user interface of airbyte. For one, it does not use a refresh token. This is required in the airbyte low code ui.

https://developers.google.com/identity/protocols/oauth2/service-account https://developers.google.com/identity/protocols/oauth2/service-account#authorizingrequests (to be more specific)

It is similar to the issue: https://github.com/airbytehq/airbyte/issues/23450

Proposed Solution

See the proposal doc for the full proposal.

Proposed schema of new JWT Authenticator component:

JwtAuthenticator:
    type: object
    required:
      - type
      - key
      - payload
      - algorithm
      - expiration_time
      - inject_into
    properties:
      type:
        type: string
        enum: [JwtAuthenticator]
      key:
        type: string
        description: The interpolated key used for signing (will come from the configuration in almost all cases)
      payload:
        type: object
        description: Recursively interpolated object for the payload of the JWT
      headers:
        type: object
        additionalProperties:
          type: string
        description: Single-level interpolated object for JWT header fields. If not provided, is set to {"typ": "JWT"}
      algorithm:
         type: string
         enum: [HS256, HS384, HS512, ES256, ES256K, ES384, ES512, RS256, RS384, RS512, PS256, PS384, PS512, EdDSA]
        description: The algorithm used for signing
      expiration_time:
        type: string
        description: ISO duration how long the JWT should be valid
      request_authentication:
   oneOf:
     - type:
       enum: [ApiKey]
       inject_into:
         ref: #/definitions/RequestOption
     - type:
       enum: [Bearer]

Acceptance criteria

sherifnada commented 1 year ago

@belgiandieter to clarify, is this issue requesting JWT authentication like described in this screenshot? (taken from the link you provided in the description)

Screen Shot 2023-05-01 at 1 16 22 PM
belgiandieter commented 1 year ago

Yes, indeed. (Just as a big caveat, I am very new to this and I don't understand all of the details)

flash1293 commented 1 year ago

The Apple store API uses that as well: https://developer.apple.com/documentation/appstoreconnectapi/generating_tokens_for_api_requests

pnilan commented 5 months ago

Closing this issue with merge of https://github.com/airbytehq/airbyte/pull/37005