michael-simons / neo4j-migrations

Automated script runner aka "Migrations" for Neo4j. Inspired by Flyway.
https://michael-simons.github.io/neo4j-migrations/
Apache License 2.0

Custom token support #1272

Closed ttemple06 closed 5 months ago

ttemple06 commented 5 months ago

Hi @michael-simons, I am facing a requirement to use a custom AuthToken such as described in the neo4j documentation. Is this something that can be supported in the near future?

michael-simons commented 5 months ago

Hi.

In which context is that requirement?

For the CLI we just added support for a plain BEARER token, see https://github.com/michael-simons/neo4j-migrations/commit/819c02f4580f116542a2ec4b2cc7ad5c0afc0e59

From within Spring Boot

spring.neo4j.authentication.username= # mapped to principal
spring.neo4j.authentication.password= # mapped to credentials
spring.neo4j.authentication.realm= # mapped to realm
# scheme not configurable

Kerberos can be configured there, too.

Alternatively, provide connection details like this:

import java.net.URI;

import org.neo4j.driver.AuthToken;
import org.neo4j.driver.AuthTokens;
import org.springframework.boot.autoconfigure.neo4j.Neo4jConnectionDetails;
import org.springframework.boot.autoconfigure.neo4j.Neo4jProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration(proxyBeanMethods = false)
public class Neo4jCustomAuthConfig {

    @Bean
    Neo4jConnectionDetails neo4jConnectionDetails(Neo4jProperties properties) {

        return new Neo4jConnectionDetails() {
            @Override
            public AuthToken getAuthToken() {
                return AuthTokens.bearer("whatever");
            }

            @Override
            public URI getUri() {
                return properties.getUri();
            }
        };
    }
}

Or an AuthTokenManager like this, supporting bearer, expiring or not:

import java.time.Duration;
import java.time.ZonedDateTime;

import org.neo4j.driver.AuthTokenAndExpiration;
import org.neo4j.driver.AuthTokenManager;
import org.neo4j.driver.AuthTokenManagers;
import org.neo4j.driver.AuthTokens;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration(proxyBeanMethods = false)
public class Neo4jCustomAuthConfig {

    @Bean
    AuthTokenManager authTokenManager() {
        return AuthTokenManagers.bearer(this::retrieveNewToken);
    }

    private AuthTokenAndExpiration retrieveNewToken() {
        return AuthTokens.bearer(
            "This method gets called from the driver to retrieve a new token. Do what's necessary here and return the token instead of this string"
        )
            // Only do this when your token expires
            .expiringAt(ZonedDateTime.now().plus(Duration.ofDays(365)).toInstant().toEpochMilli())
            ;
    }
}

Does that help?
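For the custom token case the issue asks about, the same connection-details approach can carry a token with an explicit realm and scheme. This is an added example, not code from the thread or from the neo4j-migrations project; the `app.neo4j.auth.*` property names and the class name are hypothetical, and it assumes the same Spring Boot and driver versions as the snippets above.

```java
import java.net.URI;

import org.neo4j.driver.AuthToken;
import org.neo4j.driver.AuthTokens;
import org.springframework.boot.autoconfigure.neo4j.Neo4jConnectionDetails;
import org.springframework.boot.autoconfigure.neo4j.Neo4jProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;

@Configuration(proxyBeanMethods = false)
public class Neo4jCustomSchemeAuthConfig {

    @Bean
    Neo4jConnectionDetails neo4jConnectionDetails(Neo4jProperties properties, Environment env) {
        // Hypothetical property names (assumption). Supply them from the
        // environment or a secret store instead of committing them to source.
        // getRequiredProperty throws IllegalStateException when a value is
        // missing, so the application fails at startup rather than
        // connecting with an incomplete token.
        String principal = env.getRequiredProperty("app.neo4j.auth.principal");
        String credentials = env.getRequiredProperty("app.neo4j.auth.credentials");
        String scheme = env.getRequiredProperty("app.neo4j.auth.scheme");
        // The realm is optional; a null realm is left out of the token.
        String realm = env.getProperty("app.neo4j.auth.realm");

        // Built once at startup. Credentials that rotate belong in an
        // AuthTokenManager, as in the second snippet above.
        AuthToken token = AuthTokens.custom(principal, credentials, realm, scheme);

        return new Neo4jConnectionDetails() {
            @Override
            public AuthToken getAuthToken() {
                return token;
            }

            @Override
            public URI getUri() {
                return properties.getUri();
            }
        };
    }
}
```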

ttemple06 commented 5 months ago

Thanks for your quick reply! I should have mentioned, the context is from the CLI. I saw the recent support for bearer and was wondering the same for custom. Thanks again!

michael-simons commented 5 months ago

So that means, you are missing realm and scheme.

Sure, this is something we can end early next month.

michael-simons commented 5 months ago

Hej :) See the message in commit 5793af4 (My tooling messed up the last consecutive dashes, it's always --). Thanks for the suggestion, release will be in 2 weeks.

michael-simons commented 5 months ago

@all-contributors please add @ttemple06 for ideas

allcontributors[bot] commented 5 months ago

@michael-simons

I've put up a pull request to add @ttemple06! :tada:

michael-simons commented 5 months ago

This was just released as 2.10.0 https://github.com/michael-simons/neo4j-migrations/releases/tag/2.10.0