Open joeflack4 opened 10 months ago
The Palantir instructions seem to have changed. I'm supposed to set up a pair programming session with Maya to get help getting it to work. Commented out for now.
How it works: Click a button, which reroutes you to the enclave login page. That then sends you to a redirect URL. At that point your app has access to the auth token. Then we send that to the backend to do everything as that user. Or we could achieve some of those things using the service token and multipass id.
Update 2023-09-22
As of 274fa80, we got it working on localhost, but commented it out. See the notes for that commit for next steps, if we ever implement this.
Overview
We want to be able to have users log into TermHub using their N3C Data Enclave credentials. User authentication allows us to build in new functionality, and using N3C as the auth provider is the only way to authorize TermHub to make actions on behalf of the user.
Notes
Ostensibly this will involve the Foundry application SDK. That page has a setup guide and examples in Python and TypeScript.
For example, we imagine that the SDK should provide a way to access the multiPassId or call an action on behalf of the user and pass the authed user's multiPassId through.
Installation appears to be a little different for this SDK:
pip install termhub_sdk --upgrade --extra-index-url "https://:$FOUNDRY_SDK_AUTH_TOKEN@unite.nih.gov/artifacts/api/repositories/ri.artifacts.main.repository.10d521f8-7ba3-42d8-a0af-9736d1ea3bd9/contents/release/pypi/simple"
Maya Choudhury thinks we may need an existing setup like this or this, but I'm not 100% sure about that.
9/20 Maya linked new boilerplate example for Python.
Links
Questions
FOUNDRY_SDK_AUTH_TOKEN expires? If so, it doesn't sound like we can use this. How often does it expire? Can we know that in advance? Perhaps we'd need to decouple and deploy a separate auth server to deal with that, rather than deploy a new version of TermHub each time.
Related
Replaces:
87
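On the expiry question above, one way to find out in advance when a token expires. This is an added example, not code from this issue, TermHub, or the Foundry SDK. It assumes the token is JWT-formatted with an `exp` claim and returns None otherwise; the function names and the sample token are constructed for illustration.

```python
import base64
import json
from datetime import datetime, timezone


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_expiry(token: str):
    """Return the token's expiry as an aware UTC datetime, or None if the
    token is not a JWT or carries no numeric `exp` claim. The signature is
    NOT verified: this only reads the claim, it does not authenticate."""
    parts = token.split(".")
    if len(parts) != 3:
        return None  # opaque (non-JWT) token: expiry cannot be read locally
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return None
    return datetime.fromtimestamp(exp, tz=timezone.utc)


def seconds_remaining(token: str, now: datetime):
    """Seconds until expiry (negative if already expired), or None if unknown."""
    expiry = token_expiry(token)
    return None if expiry is None else (expiry - now).total_seconds()


def make_sample_token(exp: int) -> str:
    # Constructed, unsigned sample for demonstration only; not a real token.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'sub': 'constructed-user', 'exp': exp})}.sig"


if __name__ == "__main__":
    sample = make_sample_token(1700000000)
    print("expires at:", token_expiry(sample))
    print("seconds left:", seconds_remaining(sample, datetime.now(timezone.utc)))
```

Run at deploy or startup, a check like this lets the service log or alert before the token lapses, and it reads the value from the environment so the token never needs to be printed.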