Implementing Transaction API and Auth #33

Open
1 of 2 tasks
Tracked by #67
ranchodeluxe opened this issue Aug 30, 2023 · 2 comments

Comments


ranchodeluxe commented Aug 30, 2023

For CDK and K8s, what are the auth workflows we can use to wrap the transaction API for ingestion?

AC:

  • implement transaction api
  • figure out how to authorize
@ranchodeluxe ranchodeluxe added the bug Something isn't working label Aug 30, 2023
@ranchodeluxe ranchodeluxe added priority:high and removed bug Something isn't working priority:high labels Aug 30, 2023
@ranchodeluxe

Let's wait until we have a bulk API ingest in STAC


batpad commented Feb 2, 2024

Going to try and enliven this issue. Ref https://github.com/developmentseed/labs/issues/346 .

I think we have a decent implementation thanks to @alukach and @edkeeble of handling OAuth2, and then connecting to an authorization system to implement some authorization rules.

Relevant repos:

I'd love to see if this could be added to the eoapi-k8s setup and maybe we figure out some basic configurability that's possible via supplying some values. So maybe to start with, something like:

  • add an enable_authentication option in values that users can set to true
  • this somehow enables the authentication and authorization bits in the FastAPI app (I'm a bit fuzzy about how exactly we implement this)
  • to start with, provide simple default presets for authorization schemes:
    • Everyone can read, people in an admins group can write
    • No public read access. People in group members can read, admins can write

We can document how you could write code to implement more complex auth scenarios, but this would allow us to have authentication and authorization out-of-the-box with an eoapi-k8s install.

@ranchodeluxe does this sound reasonable? Would you have the time / interest to try and help?
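
An added example, not part of the original thread and not eoapi-k8s code: one way the two default presets listed above could be evaluated as a deny-by-default decision on an already authenticated request. The preset names, the function names and the rule that admins may also read in the private preset are assumptions; the routes assume the STAC API convention that item search accepts `POST /search`.

```python
from typing import Iterable, Optional

# Hypothetical preset names; the groups "admins" and "members" come from the
# comment above. read=None means anonymous read is allowed.
PRESETS = {
    "public_read": {"read": None, "write": {"admins"}},
    # Assumption: admins may also read when public access is disabled.
    "members_read": {"read": {"members", "admins"}, "write": {"admins"}},
}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def is_read(method: str, path: str) -> bool:
    """Classify a request as a read.

    STAC item search also accepts POST /search, which only reads data, so a
    method-only rule would wrongly treat it as a transaction (write) call.
    Assumption: the search route is the only POST route ending in /search.
    """
    method = method.upper()
    if method in SAFE_METHODS:
        return True
    return method == "POST" and path.rstrip("/").endswith("/search")


def is_allowed(preset: str, method: str, path: str,
               groups: Optional[Iterable[str]]) -> bool:
    """Return True if the request may proceed under the named preset.

    groups is None for an anonymous request, otherwise the group names taken
    from a token that has already been validated upstream.
    """
    rules = PRESETS.get(preset)
    if rules is None:
        # A mistyped preset must stop startup, not silently open the API.
        raise ValueError(f"unknown authorization preset: {preset!r}")
    held = set(groups or ())
    if is_read(method, path):
        return rules["read"] is None or bool(held & rules["read"])
    if method.upper() in WRITE_METHODS:
        return bool(held & rules["write"])
    return False  # unrecognised method: deny
```

In a FastAPI app this decision would typically sit in a dependency or middleware that returns 401 for a denied anonymous request and 403 for a denied authenticated one.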
