Closed frascuchon closed 4 months ago
🤖
Hey there @frascuchon! 😃 Great to see you back stirring up some magic in the Argilla cauldron! How's everything going on your end?
To enhance the OAuth integration in Argilla by better linking OAuth users and Argilla users, a new mapping table can be created. This table can store the relationship between the OAuth provider's user ID and the Argilla user ID.
Here's an example of how you can use SQLAlchemy to create a new model for this table:
from sqlalchemy import Column, Integer, String, ForeignKey
from sqlalchemy.orm import relationship
from argilla.server.database import Base
class OAuthUser(Base):
__tablename__ = "oauth_users"
id = Column(Integer, primary_key=True, index=True)
provider = Column(String, index=True)
provider_user_id = Column(String, index=True)
argilla_user_id = Column(Integer, ForeignKey("users.id"))
user = relationship("User", back_populates="oauth_users")
In the User model, you can add a relationship to the OAuthUser:
from sqlalchemy.orm import relationship
class User(Base):
# existing fields...
oauth_users = relationship("OAuthUser", back_populates="user")
Then, in the get_access_token
function, you can create a new OAuthUser when a user logs in via OAuth for the first time:
oauth_user = await accounts.get_oauth_user_by_provider_and_provider_user_id(db, provider.name, user_info.id)
if oauth_user is None:
await accounts.create_oauth_user(
db,
provider_name=provider.name,
provider_user_id=user_info.id,
argilla_user_id=user.id,
)
Regarding the authlib
package, it's a great library for OAuth but it does use session middleware. If you don't want to use sessions on your server, you can use the authlib
package for the OAuth flow but avoid using its session middleware. Instead, you can use JWTs or another stateless authentication method to keep track of logged-in users.
Please note that you'll need to implement the get_oauth_user_by_provider_and_provider_user_id
and create_oauth_user
functions in the accounts
module.
Currently, the method of linking OAuth users and Argilla users in the Argilla codebase is based on the user's role at the time of creation. This is done in the _is_user_created_by_oauth_provider
function, which checks if the user's role is equal to _USER_ROLE_ON_CREATION
(which is set to UserRole.annotator
). If the user's role matches this, it is assumed that the user was created by the OAuth provider. However, this is a temporary solution and the developers plan to link the created user with the provider in the future.
I hope this helps! If you have any further questions, feel free to ask.
Best, Dosu
This response is meant to be useful and save you time. It is not meant to be a precise solution, but rather a starting point for your own research.
Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant.
If you want to continue the conversation, start your reply with @dosu-bot.
This issue is stale because it has been open for 90 days with no activity.
This issue was closed because it has been inactive for 30 days since being marked as stale.
Some improvement points:
authlib
package (:warning: this package is using session middleware and maybe we don't want it in our server)/api/v1/oauth2/:provider/callback
which tackles step after oauth login. The final step can be redirect to the frontend uri