Alternative bearer token generation?

I’m attempting to deploy HSDS without docker using POSIX storage on an HPC cluster and was interested in going down the route of authenticating users via bearer token. We’d like to base user access to HSDS on whether users have existing access to a SQL database elsewhere on the cluster, and we’ve set up a simple FastAPI application to determine whether users can access that database via HTTP basic auth.

Would it be possible to generate a bearer token via our FastAPI app and have HSDS handle that for user auth? I realise much of the documentation is targeting Azure Active Directory and/or Keycloak, but was interested to hear any thoughts on this!

Welcome to the HDF forums! This sounds like an interesting application of HSDS; it would be interesting to get updates as the work progresses.

The HSDS authentication code is fairly extensible, so I think it should be fairly easy to add support for your bearer token. Are these JSON Web Tokens? (re: https://jwt.io/).

See the code here: https://github.com/HDFGroup/hsds/blob/master/hsds/util/jwtUtil.py. For the token, you just need a URI endpoint to validate the token (which you can set up in a config override).