Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TCE-807: Browser login #112

Merged
merged 10 commits into from
Aug 30, 2022
Merged

TCE-807: Browser login #112

merged 10 commits into from
Aug 30, 2022

Conversation

bcmdarroch
Copy link
Contributor

@bcmdarroch bcmdarroch commented Aug 19, 2022

🛠️ Description

This PR introduces the ability to log in via the browser when no client credentials are configured on the HCP Go SDK. 🎉

It uses the OAuth2 implicit flow, implemented by golang's standard oauth2 library, to direct users to a browser to login with their username and password. On successful authentication, the Go SDK is configured with an HCP access token that can be used for up to an hour.

Follow-up work includes the creation of an auth cache library to enable background token refreshing.

🧪 Test Locally

  1. Set the following environment variables
export HCP_ORGANIZATION_ID=...
export HCP_PROJECT_ID=...
  1. Run the test client.
$  go run ./cmd/hcp-sdk-go-client/main.go    
The default web browser has been opened at https://auth.hashicorp.com/oauth2/auth. Please continue the login in the web browser.
Success!
Response: &models.HashicorpCloudNetwork20200907Network{CidrBlock:"172.25.16.0/20", CreatedAt:strfmt.DateTime{wall:0x0, ext:63756371090, loc:(*time.Location)(nil)}, ID:"hvn", Location:(*models.HashicorpCloudLocationLocation)(0xc00012f170), ProviderNetworkData:(*models.HashicorpCloudNetwork20200907NetworkProviderNetworkData)(0xc000128570), State:"STABLE"}

Response: &models.HashicorpCloudConsul20210204Cluster{Config:(*models.HashicorpCloudConsul20210204ClusterConfig)(0xc0000adaa0), ConsulVersion:"v1.9.17", CreatedAt:strfmt.DateTime{wall:0x0, ext:63761292414, loc:(*time.Location)(nil)}, DNSNames:(*models.HashicorpCloudConsul20210204ClusterDNSNames)(0xc0002a7640), ID:"consul-cluster", Location:(*models.HashicorpCloudLocationLocation)(0xc000364ff0), ResourceID:"b4aa30a9-86cc-41c4-81d6-3cd3b3c9fb0d", State:"RUNNING"}

🚢 Release Note

Release note for CHANGELOG:

Enable browser login when client credentials are unavailable

👍 Definition of Done

  • If no client credentials are configured, the Go SDK can use a token obtained through browser login.

@bcmdarroch bcmdarroch requested a review from a team August 19, 2022 22:37
Comment on lines -53 to -57
{
name: "missing credentials",
options: []HCPConfigOption{},
expectedError: "the configuration is not valid: client credentials need to be provided",
},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question: I understand why this was taken out but what if the client only provides one of the two credentials? Will the browser login workflow just kick in anyways or do we assume the user wanted to try logging in with creds?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a good point. I'll see about adding a check for when partial credentials are provided. But anytime both client credentials are missing, then we trigger browser login.

@bcmdarroch
Copy link
Contributor Author

Update: this is blocked while we take care of some configuration changes to support the new identity provider introduced by #114.

@bcmdarroch bcmdarroch force-pushed the tce-807-browser-login-os branch from 9c09d00 to d414160 Compare August 29, 2022 22:39
@bcmdarroch bcmdarroch force-pushed the tce-807-browser-login-os branch from d414160 to d2eb883 Compare August 29, 2022 22:41
@bcmdarroch bcmdarroch force-pushed the tce-807-browser-login-os branch from 7f5faa1 to 20968ce Compare August 30, 2022 21:40
@bcmdarroch
Copy link
Contributor Author

Configuration complete!

@bcmdarroch bcmdarroch force-pushed the tce-807-browser-login-os branch from 20968ce to efa80b7 Compare August 30, 2022 21:44
@bcmdarroch bcmdarroch merged commit ca31f5c into main Aug 30, 2022
@bcmdarroch bcmdarroch deleted the tce-807-browser-login-os branch August 30, 2022 21:46
@bcmdarroch bcmdarroch mentioned this pull request Aug 30, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants