@deephaven/auth-plugins

@deephaven/auth-plugins

Authentication plugins for Deephaven. Used by AuthBootstrap to provide default authentication if no custom plugins are loaded. For mode details on custom plugins, see deephaven-js-plugins repository.

Install

npm install --save @deephaven/auth-plugins

Developing New Auth Plugins

Export an AuthPlugin from a module to register an authentication plugin. Authentication plugins must implement the AuthPlugin interface. Authentication plugins can display a UI which then triggers how to login.

The Web UI loads all plugins on initialization, and uses the first available authentication plugin for authenticating. A sequence diagram of this flow at a high level, where AuthPlugin is the first authentication plugin that returns true when the isAvailable method is called.

sequenceDiagram
  participant U as User
  participant W as Web UI
  participant P as AuthPlugin
  participant S as Server
  U->>W: Open app
  activate W
    W->>S: Load plugin modules
    S-->>W: PluginModule[]
    W->>S: client.getAuthConfigValues()
    S-->>W: Auth config [string, string][]
    W->>W: Select first available AuthPlugin
  deactivate W
  W->>P: Login
  P->>S: client.login()
  S-->>P: Login success
  P-->>W: Login success

Examples

Below are some sequence diagrams for some of the included Auth Plugins.

Pre-shared Key (AuthPluginPsk)

sequenceDiagram
  participant W as Web UI
  participant P as AuthPluginPsk
  participant J as JS API
  W->>P: Login
  alt Key in query string
    P->>J: client.login(key)
  else Prompt user for key
    P->>P: Prompt for key
    P->>J: client.login(key)
  end
  J-->>P: Login success
  P-->>W: Login success

Composite Password/Anonymous plugin

Composite plugin giving the user the choice of logging in with a password or logging in anonymously

sequenceDiagram
  participant W as Web UI
  participant CP as CompositePlugin
  participant AP as AnonymousPlugin
  participant PP as PasswordPlugin
  participant J as JS API
  W->>CP: Login
  CP->>CP: Prompt for authentication method
  activate CP
    alt Password login
      activate PP
        loop Until success
          PP->>PP: Show Login UI
          PP->>J: client.login(password)
          alt Login success
            J-->>PP: Login success
          else Login failure
            J-->>PP: Login failure
            PP->>PP: Show login error
          end
        end
        PP-->>CP: Login success
      deactivate PP
    else Anonymous login
      activate AP
        AP->>J: client.login(anonymous)
        J-->>AP: Login success
        AP-->>CP: Login success
      deactivate AP
    end
    CP-->>W: Login success
  deactivate CP

Auth0

Translation of flow from https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow, showing which responsibilities login plugin handles. Note that the plugins need to be loaded initially prior to redirecting to the authorization prompt, and then again after redirecting back to the Web UI. For a specific example using Keycloak, see AuthPluginKeycloak.

sequenceDiagram
  participant U as User
  participant W as Web UI
  participant S as Server
  participant P as Auth0Plugin
  participant T as Auth0 Tenant
  participant J as JS API
  U->>W: Open app
  W->>W: Select first available AuthPlugin
  W->>P: Login
  P->>T: Authorization code request to /authorize
  T->>U: Redirect to login/authorization prompt
  U-->>T: Authenticate and Consent
  T->>W: Authorization code
  W->>W: Select first available AuthPlugin
  W->>P: Login
  P->>T: Authorization Code + Client ID + Client Secret to /oauth/token
  T->>T: Validate Authorization Code + Client ID + Client Secret
  T-->>P: ID Token and Access Token
  P->>J: client.login(token)
  J-->>P: Login success
  P-->>W: Login success

Legal Notices

Deephaven Data Labs and any contributors grant you a license to the content of this repository under the Apache 2.0 License, see the LICENSE file.