Description
GeoNode currently supports Basic Auth for remote services through the Service model, and the backend uses this information when harvesting remote OWS resources.
This works for the current remote OWS service flow, but it makes authentication handling tightly coupled to a specific use case and difficult to extend. GeoNode also has rule-handler-based extension points that may need to generate rules based on different authentication types.
Going forward, we may need a more generic and reusable authentication layer for outgoing requests, so that authentication configuration can be reused consistently across backend service integrations and future remote resource types.
The goal is to abstract and decouple authentication configuration and runtime logic so that both rule handlers and other backend services can use the same auth framework.
High-level design
We need a generic and extensible authentication layer built on top of a Django AuthConfig model.
The goal is to decouple:
- how authentication settings are stored in the database
- how authentication is applied to outgoing HTTP requests
- whether authentication is expressed as a requests-compatible auth object or as direct request enrichment
This would give us a single, uniform way to instantiate an auth handler from a DB record and then use it to prepare outgoing requests.
Authentication configurations are stored in Django as a model, like:
class AuthConfig(models.Model):
id: Number
type: "Basic" | "Token" | "SASUrlsConfig" # extensible to other auth types
payload: jsonWhere:
- type identifies the auth strategy
- payload stores strategy-specific configuration
- each auth strategy knows how to extract its own fields from payload
- each auth strategy can apply itself to a
requests.Request
We also need a way to associate URL patterns with an AuthConfig for request-handler-based integrations. A possible approach is to introduce a separate model that maps a URL pattern to an auth configuration, so that request handler configuration can be stored in the database instead of being hardcoded in settings.
class URLPatternAuthConfig(models.Model):
auth_config: AuthConfig
pattern: string
Description
GeoNode currently supports Basic Auth for remote services through the
Servicemodel, and the backend uses this information when harvesting remote OWS resources.This works for the current remote OWS service flow, but it makes authentication handling tightly coupled to a specific use case and difficult to extend. GeoNode also has rule-handler-based extension points that may need to generate rules based on different authentication types.
Going forward, we may need a more generic and reusable authentication layer for outgoing requests, so that authentication configuration can be reused consistently across backend service integrations and future remote resource types.
The goal is to abstract and decouple authentication configuration and runtime logic so that both rule handlers and other backend services can use the same auth framework.
High-level design
We need a generic and extensible authentication layer built on top of a Django
AuthConfigmodel.The goal is to decouple:
This would give us a single, uniform way to instantiate an auth handler from a DB record and then use it to prepare outgoing requests.
Authentication configurations are stored in Django as a model, like:
Where:
requests.RequestWe also need a way to associate URL patterns with an AuthConfig for request-handler-based integrations. A possible approach is to introduce a separate model that maps a URL pattern to an auth configuration, so that request handler configuration can be stored in the database instead of being hardcoded in settings.