Implement Google authentication and scope authorization on Breadboard Web

breadboard-ai / breadboard

A library for prototyping generative AI applications.

Apache License 2.0

97 stars 20 forks source link

Implement Google authentication and scope authorization on Breadboard Web #938

Open dglazkov opened 4 months ago

dglazkov commented 4 months ago

We really need to get Google authentication and scope authorization implemented for Breadboard web app. This would allow us build graphs that talk to Google APIs and use credentials and tokens properly.

The current credentials node is a dead end in this respect: it presumes that it runs in the browser and that is too limiting. Instead, we likely need an approach where we teach the secrets node to deal with complex secrets (like, GOOGLE_AUTH key + a list of scopes) and let the app take care of the authentication.

Mearman commented 4 months ago

this could be useful for the Drive access version of this ticket https://github.com/breadboard-ai/breadboard/issues/927 and then https://github.com/breadboard-ai/breadboard/issues/939

zeroasterisk commented 1 month ago

Agreed, was dusting off my use cases, and I cannot really proceed without a bearer token scoped to my application or user credentials :(

I'm spoiled with colab and...

import sys

if "google.colab" in sys.modules:
    from google.colab import auth as google_auth

    google_auth.authenticate_user()

from google.auth import default

creds, _ = default()

Could we do something which is (to the user) as simple?

Mearman commented 1 month ago

@zeroasterisk I haven't finishing building it yet. But I have ended up using a Service Account with domain wide delegation to generate an OAuth token headlessly

dglazkov commented 1 month ago

We have a path with the connection server, need to get there.

cc @aomarks