OpenBao
Replies: 4 comments 4 replies
-
Smart!
See the curl docs ... I'm not sure about localStorage, but curl can easily use cookies (and Basic Authentication) just like any other browser: |
Beta Was this translation helpful? Give feedback.
-
|
that much I do know (feeling a little smarter ..) However, the initial login sequence has to be done through a browser, in order to handle the redirects to the auth provider , for the user to then enter the credentials , callbacks etc a node process or curl call would not be able to handle that - so they must have some token that they can pass along - and it's this token that I'm trying to figure out how to get if you consider a n8n flow may look like this curl -> it's the gmail node that needs to authenticate, yet the curl request does not have these. They are somehow "stored" in the auth tokens node. So somehow, that auth node has found and saved something so that it can send them to the gmail node |
Beta Was this translation helpful? Give feedback.
-
|
I think https://github.com/openbao/openbao/blob/main/builtin/credential/jwt/cli.go has the detail you want about how this is accomplished. From the auth request from curl, you'd have to setup the redirect URL handler & open the browser locally and handle posting this back to the OpenBao node. If an end-user is meant to be doing this (rather than a one-time operator setup), you may just want to kick the flow to the user. Other forms are more popular for true service auth, like approle, jw, or certs. My 2c. |
Beta Was this translation helpful? Give feedback.
-
|
thanks, will take a look |
Beta Was this translation helpful? Give feedback.
-
|
@jmls You will need to figure out the api interface for their service that grants tokens. It should be a POST request. You may receive a Java Web Token as the response. This is your access token. All future calls you will need to pass this in one of the headers for auth. Generally it is on the caller to both verify and validate that the token is authentic and has not been subject to man-in-the-middle attacks. |
Beta Was this translation helpful? Give feedback.
-
|
sorry, when you say their service, do you mean each provider - like google / azure / auth0 etc ? |
Beta Was this translation helpful? Give feedback.
-
|
Yes, correct. The Api interfaces for each should be somewhat similar following OAuth (2) as a standard. |
Beta Was this translation helpful? Give feedback.
-
|
thanks everyone for the hints, tips and help. Much appreciated. |
Beta Was this translation helpful? Give feedback.
-
I know that I don't know something .. and it's been bothering me for a while so I thought I'd suck it up and just ask people who do know ;)
With OAuth, a user logins into a provider with a browser. The provider authenticates and sends tokens / cookies back to the browser. The cookies / tokens are stored so that when a user goes to authenticate against the same provider they are "just logged in"
So, how do things like "nodes" in n8n / activePieces / zapier etc work ? These systems have an "authentication" section where you can specify an OAuth provider.
However, these processes are often accessed by a curl request , so a browser is obviously not involved, so cookies or local storage cannot be involved.
Which then implies that the "node" can somehow store a token and reuse it - but what token ? Is there a token or something in the login response what can be saved somewhere ?
And how can I use OpenBao to achieve this goal ?
Sorry for asking what may seem a very basic question.
Beta Was this translation helpful? Give feedback.
All reactions