Socket
Socket
Sign inDemoInstall

@deephaven/auth-plugins

Package Overview
Dependencies
10
Maintainers
7
Versions
309
Alerts
File Explorer

Advanced tools

npm Scripts

Install Socket

Detect and block malicious and high-risk dependencies

Install

    @deephaven/auth-plugins

Deephaven Auth Plugins

Version published
Maintainers
7
Created

Changelog

Source

0.77.0 (2024-05-07)

Bug Fixes

  • Added getKey to SelectionUtils.optimizeSelection (#1994) (4404894)

BREAKING CHANGES

  • @deephaven/react-hooks: SelectionUtils.optimizeSelection and useMappedSelection require additional getKey arg

Readme

Source

@deephaven/auth-plugins

Authentication plugins for Deephaven. Used by AuthBootstrap to provide default authentication if no custom plugins are loaded. For mode details on custom plugins, see deephaven-js-plugins repository.

Install

npm install --save @deephaven/auth-plugins

Developing New Auth Plugins

Export an AuthPlugin from a module to register an authentication plugin. Authentication plugins must implement the AuthPlugin interface. Authentication plugins can display a UI which then triggers how to login.

The Web UI loads all plugins on initialization, and uses the first available authentication plugin for authenticating. A sequence diagram of this flow at a high level, where AuthPlugin is the first authentication plugin that returns true when the isAvailable method is called.

sequenceDiagram
  participant U as User
  participant W as Web UI
  participant P as AuthPlugin
  participant S as Server
  U->>W: Open app
  activate W
    W->>S: Load plugin modules
    S-->>W: PluginModule[]
    W->>S: client.getAuthConfigValues()
    S-->>W: Auth config [string, string][]
    W->>W: Select first available AuthPlugin
  deactivate W
  W->>P: Login
  P->>S: client.login()
  S-->>P: Login success
  P-->>W: Login success

Examples

Below are some sequence diagrams for some of the included Auth Plugins.

Pre-shared Key (AuthPluginPsk)
sequenceDiagram
  participant W as Web UI
  participant P as AuthPluginPsk
  participant J as JS API
  W->>P: Login
  alt Key in query string
    P->>J: client.login(key)
  else Prompt user for key
    P->>P: Prompt for key
    P->>J: client.login(key)
  end
  J-->>P: Login success
  P-->>W: Login success

Composite Password/Anonymous plugin

Composite plugin giving the user the choice of logging in with a password or logging in anonymously

sequenceDiagram
  participant W as Web UI
  participant CP as CompositePlugin
  participant AP as AnonymousPlugin
  participant PP as PasswordPlugin
  participant J as JS API
  W->>CP: Login
  CP->>CP: Prompt for authentication method
  activate CP
    alt Password login
      activate PP
        loop Until success
          PP->>PP: Show Login UI
          PP->>J: client.login(password)
          alt Login success
            J-->>PP: Login success
          else Login failure
            J-->>PP: Login failure
            PP->>PP: Show login error
          end
        end
        PP-->>CP: Login success
      deactivate PP
    else Anonymous login
      activate AP
        AP->>J: client.login(anonymous)
        J-->>AP: Login success
        AP-->>CP: Login success
      deactivate AP
    end
    CP-->>W: Login success
  deactivate CP
Auth0

Translation of flow from https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow, showing which responsibilities login plugin handles. Note that the plugins need to be loaded initially prior to redirecting to the authorization prompt, and then again after redirecting back to the Web UI. For a specific example using Keycloak, see AuthPluginKeycloak.

sequenceDiagram
  participant U as User
  participant W as Web UI
  participant S as Server
  participant P as Auth0Plugin
  participant T as Auth0 Tenant
  participant J as JS API
  U->>W: Open app
  W->>W: Select first available AuthPlugin
  W->>P: Login
  P->>T: Authorization code request to /authorize
  T->>U: Redirect to login/authorization prompt
  U-->>T: Authenticate and Consent
  T->>W: Authorization code
  W->>W: Select first available AuthPlugin
  W->>P: Login
  P->>T: Authorization Code + Client ID + Client Secret to /oauth/token
  T->>T: Validate Authorization Code + Client ID + Client Secret
  T-->>P: ID Token and Access Token
  P->>J: client.login(token)
  J-->>P: Login success
  P-->>W: Login success

Legal Notices

Deephaven Data Labs and any contributors grant you a license to the content of this repository under the Apache 2.0 License, see the LICENSE file.

Keywords

FAQs

Last updated on 07 May 2024

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

CISA Launches Vulnrichment Project as NVD Backlog Hits 10,000

Security News

CISA Launches Vulnrichment Project as NVD Backlog Hits 10,000

CISA launched a new project called Vulnrichment to enrich CVEs with details that help prioritize patching and mitigation efforts, as the NVD backlog of unenriched CVEs awaiting analysis surpasses 10,000.

By Sarah Gooding  -  May 09, 2024
Recent Trends in Malicious Packages Targeting Discord

Research

Recent Trends in Malicious Packages Targeting Discord

The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.

By Socket Research Team  -  May 07, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc