Skip to content

feat: Extended auth handler configuration #193

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mattkram wants to merge 3 commits into
base: refac/tidy-token-lookup-logic
Choose a base branch
from
Open

feat: Extended auth handler configuration #193

mattkram wants to merge 3 commits into from

Conversation

@mattkram
Copy link
Collaborator

@mattkram mattkram commented Dec 8, 2025
edited
Loading

Summary

Currently, the conda auth handler implementation inside anaconda-auth assumes a set of rules when performing token retrieval, given a request URL. In general, we assume the channel and auth domains match (which is sufficient for most self-hosted scenarios), or leverage a set of hard-coded values for production domains. We also support two types of credential for legacy support. However, in certain scenarios, it may be necessary to decouple the request URL from the auth domain lookup URL, or to explicitly specify which type of credential to use.

Here, we implement an extended token-lookup function, leveraging optional fields that can be passed in conda's channel_settings. In doing so, user's can explicitly override default behaviors to match the channel with the token lookup behavior.

We do this by adding the optional auth_domain and credential_type fields, for example:

channel_settings:
- auth: anaconda-auth 
  channel: https://some-special-server.anaconda.com/*
  auth_domain: anaconda.com
  credential_type: api-key

In this case, an API key stored under the domain anaconda.com would be retrieved. Valid credential types are "api-key" and "repo-token".

Considerations

This solution relies on the fact that conda's channel_settings is a plain dictionary object. There is precedence for additional fields (such as username in the conda-auth plugin ref). But there is also an opportunity for plugins to declare their own "extra" config schema.

Retrieval of channel settings from within the auth handler is currently challenging and replicates similar functionality as conda itself. I have opened a feature request issue in conda, which can help to simplify our implementation down the line if merged.

Additional note

This PR is designed to stack on top of #196. During implementation, I found it necessary to require refactoring the token lookup logic, which ultimately makes this PR much simpler.

@mattkram mattkram changed the title yaml with comments over json feat: Extended auth handler configuration Dec 8, 2025
@mattkram mattkram mentioned this pull request Dec 8, 2025
Closed
@mattkram mattkram force-pushed the feat/extended-auth-handler-config branch 2 times, most recently from 7d80bd7 to d84fa51 Compare December 8, 2025 22:57
@jezdez jezdez mentioned this pull request Dec 9, 2025
Closed
1 task
@mattkram mattkram force-pushed the feat/extended-auth-handler-config branch from d84fa51 to 8a934f4 Compare December 9, 2025 15:46
Base automatically changed from nohack to main December 9, 2025 16:34
@mattkram mattkram force-pushed the feat/extended-auth-handler-config branch 2 times, most recently from 9234381 to b72f5dd Compare December 10, 2025 16:32
@mattkram mattkram mentioned this pull request Dec 10, 2025
Open
@mattkram mattkram changed the base branch from main to refac/tidy-token-lookup-logic December 11, 2025 04:46
@mattkram mattkram force-pushed the feat/extended-auth-handler-config branch 3 times, most recently from 0acd776 to 3c1f39f Compare December 11, 2025 04:55
@mattkram mattkram marked this pull request as ready for review December 11, 2025 04:59
@mattkram mattkram mentioned this pull request Dec 11, 2025
Open
2 tasks
@mattkram mattkram force-pushed the refac/tidy-token-lookup-logic branch from 01d6cbb to 5f12c82 Compare December 12, 2025 15:22
@mattkram mattkram force-pushed the feat/extended-auth-handler-config branch from c5ed019 to e9e4de5 Compare December 12, 2025 15:22
@mattkram mattkram force-pushed the refac/tidy-token-lookup-logic branch 2 times, most recently from c53c0e8 to 9f7f907 Compare December 18, 2025 20:37
@mattkram mattkram force-pushed the feat/extended-auth-handler-config branch from e9e4de5 to 5c260ef Compare December 18, 2025 22:12
@mattkram mattkram force-pushed the refac/tidy-token-lookup-logic branch from 6a2d454 to 06c9ba0 Compare December 19, 2025 14:29
@mattkram mattkram force-pushed the feat/extended-auth-handler-config branch 2 times, most recently from f1551be to 4742260 Compare December 19, 2025 14:38
@mattkram mattkram force-pushed the refac/tidy-token-lookup-logic branch from 06c9ba0 to a66d62d Compare December 19, 2025 15:00
@mattkram mattkram force-pushed the feat/extended-auth-handler-config branch from 4742260 to 5907042 Compare December 19, 2025 15:00
@mattkram mattkram force-pushed the refac/tidy-token-lookup-logic branch from a66d62d to 86379df Compare January 21, 2026 19:10
@mattkram mattkram force-pushed the feat/extended-auth-handler-config branch from 5907042 to c2a792f Compare January 21, 2026 19:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mattkram