Feature request: AiiDA GUI [EXPLORE section] should be able to connect to remote servers with the Basic HTTP Auth

[blokhin]

Hi!

We run AiiDA instances in several public clouds and programmatically connect to them using the REST API. To engage security, we close AiiDA's Flask with the Basic HTTP Auth. I wanted to try an EXPLORE section but it seems to support nor remote servers (Error while connecting to new REST endpoint! [Network Connection Error]), neither any kind of auth.

[blokhin]

So I temporarily disabled authentication and did Access-Control-Allow-Origin https://www.materialscloud.org but it doesn't help.

[ltalirz]

Hi @blokhin thanks for letting us know! Just last week I told @waychal and @asle85 that it would be great if one could pass the REST API as a URL parameter to the EXPLORE section and thus be able to directly link to an explore section without having to go through https://www.materialscloud.org/explore/connect

Do I understand correctly that this would also address your use case?

[blokhin]

@ltalirz exactly. Thanks for letting me know.

[blokhin]

Dear @waychal could you help me in this?

[ltalirz]

@waychal told me yesterday she already had a first implementation but didn't yet have time to test it. @waychal: Would it perhaps make sense for you to sit together with @blokhin tomorrow to get this to work?

[waychal]

@blokhin today we can sit together and check it.

[blokhin]

@waychal great, thanks for your assistance!

[ltalirz]

very curious: so what's the status here?

[blokhin]

Supposedly, the planned release of the EXPLORE section as an isolated AiiDA GUI web-app will allow closing this issue. I was told this is planned after the final AiiDA 1.0 release.

[waychal]

@ltalirz Currently materials cloud is running on https and it does not allow to connect to the server running on http. Also materials cloud can not connect to the server which requires to enter username/password (with basic authentication) to access the data. Thats the case with @blokhin (this issue). We will implement this feature soon. We tested his server where authentication is not required and it worked fine.

In AiiDA, there is a plan to provide GUI to access the data from database through rest api. But this feature will be available after AiiDA release 1.0.

[ltalirz]

Cool, so can you provide an example link that includes the REST API as a URL parameter?

[blokhin]

@ltalirz I think, it's not supported for now.

[ltalirz]

@blokhin fyi - snehal has deployed it on the development server nw; e.g. https://dev-www.materialscloud.org/explore/ownrestapi?base_url=https://dev-www.materialscloud.org/2dstructures/api/v2

or https://dev-www.materialscloud.org/explore/ownrestapi?base_url=http://127.0.0.1:5000/api/v2

[blokhin]

@waychal at this moment, the basic HTTP auth is not supported, right? If you have any plans to support is in future, please, let me know.

[blokhin]

Also a mixed http + https content is an issue. I think, it can be resolved e.g. presenting an intermediate proxy as we did for Optimade CORS here: https://cors.optimade.org

[ltalirz]

@waychal at this moment, the basic HTTP auth is not supported, right?

You mean connecting to a REST API that is protected via HTTP Auth? We currently don't have this feature implemented. If the code was open-sourced would you be interested in adding support for this?

Also a mixed http + https content is an issue. I think, it can be resolved e.g. presenting an intermediate proxy as we did for Optimade CORS here: https://cors.optimade.org

Good point, so for a quick test we could even use that server. Something else that should in principle be pretty easy to implement.

If you'd like to have a chat about this, just drop me an email.

[blokhin]

You mean connecting to a REST API that is protected via HTTP Auth?

Yes

If the code was open-sourced would you be interested in adding support for this?

Yes

If you'd like to have a chat about this, just drop me an email.

☺️

[ltalirz]

@blokhin code of explore section is now open source at https://github.com/materialscloud-org/aiida-explorer Contributions welcome!

[ltalirz]

by the way, if you're interested in contributing the authentication implementation back into aiida-core that would also be welcome! we are anyhow planning to work on the REST API going forward to support not only queries but job management as well; if you have inputs on this topic, please let us know

[blokhin]

@ltalirz of course, it's up to you guys to support user authentication / authorization in AiiDA core, but I'd not recommend that. You'll make the core fairly more complex and heavyweight for a not fully relevant feature --- and your responsibility for that feature will be critically high.

[blokhin]

An external auth control may be provided by literally any front-end server very easily. E.g. in Nginx the basic HTTP auth is set up with just 2 lines, and the whole bunch of other more advanced options are supported out-of-the-box.

[ltalirz]

Thanks, that makes sense.