Closed ttemple06 closed 5 months ago
Hi.
In which context is that requirement?
For the CLI we just added support for a plain BEARER
token, see https://github.com/michael-simons/neo4j-migrations/commit/819c02f4580f116542a2ec4b2cc7ad5c0afc0e59
From within Spring Boot
spring.neo4j.authentication.username= # mapped to principal
spring.neo4j.authentication.password= # mapped to credentials
spring.neo4j.authentication.realm= # mapped to realm
# scheme not configurable
Kerberos can be configured there, too.
Alternatively provide a connection details like this
import java.net.URI;
import org.neo4j.driver.AuthToken;
import org.neo4j.driver.AuthTokens;
import org.springframework.boot.autoconfigure.neo4j.Neo4jConnectionDetails;
import org.springframework.boot.autoconfigure.neo4j.Neo4jProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration(proxyBeanMethods = false)
public class Neo4jCustomAuthConfig {
@Bean
Neo4jConnectionDetails neo4jConnectionDetails(Neo4jProperties properties) {
return new Neo4jConnectionDetails() {
@Override
public AuthToken getAuthToken() {
return AuthTokens.bearer("whatever")
}
@Override
public URI getUri() {
return properties.getUri();
}
};
}
}
Or an AuthTokenManager
like this, supporting bearer, expiring or not:
import java.time.Duration;
import java.time.ZonedDateTime;
import org.neo4j.driver.AuthTokenAndExpiration;
import org.neo4j.driver.AuthTokenManager;
import org.neo4j.driver.AuthTokenManagers;
import org.neo4j.driver.AuthTokens;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration(proxyBeanMethods = false)
public class Neo4jCustomAuthConfig {
@Bean
AuthTokenManager authTokenManager() {
return AuthTokenManagers.bearer(this::retrieveNewToken);
}
private AuthTokenAndExpiration retrieveNewToken() {
return AuthTokens.bearer(
"This method gets called from the driver to retrieve a new token.Do what's necessary here and return the token instead of this string"
)
// Only do this when your token expires
.expiringAt(ZonedDateTime.now().plus(Duration.ofDays(365)).toInstant().toEpochMilli())
;
}
}
Does that help?
Thanks for your quick reply! I should have mentioned, the context is from the CLI. I saw the recent support for bearer and was wondering the same for custom. Thanks again!
So that means, you are missing realm
and scheme
.
Sure, this is something we can end early next month.
Hej :) See the message in commit 5793af4 (My tooling messed up the last consecutive dashes, it's always --
). Thanks for the suggestion, release will be in 2 weeks.
@all-contributors please add @ttemple06 for ideas
@michael-simons
I've put up a pull request to add @ttemple06! :tada:
This was just released as 2.10.0 https://github.com/michael-simons/neo4j-migrations/releases/tag/2.10.0
Hi @michael-simons, I am facing a requirement to use a custom AuthToken such as described in the neo4j documentation. Is this something that can be supported in the near future?