feat: Implement Shotgrid authentication with username/password#48
feat: Implement Shotgrid authentication with username/password#48aviralgarg05 wants to merge 4 commits intoAcademySoftwareFoundation:mainfrom
Conversation
aviralgarg05
force-pushed
the
feature/shotgrid-auth
branch
from
ebd7762 to
bac8891
Compare
|
We do store the prodtrack provider in a lru cache at the moment. We probably want to instantiate it on each request using the authorization creds provided on each request. We can probably do something clever with fastapi middleware so we always get a new provider logged in with each request. |
|
Thank you so much for taking this on! Do you need a sg instance to test? |
|
Thanks! I don't need a ShotGrid instance. I've refactored the code to move the authentication logic into the provider and cleaned up the implementation as requested. It should be ready for review. |
Signed-off-by: aviralgarg05 <gargaviral99@gmail.com>
…rd, return a dictionary containing the session token and user email, and simplify the `main` login endpoint. Signed-off-by: aviralgarg05 <gargaviral99@gmail.com>
aviralgarg05
force-pushed
the
feature/shotgrid-auth
branch
from
89db94d to
3f5130a
Compare
Signed-off-by: aviralgarg05 <gargaviral99@gmail.com>
jspada200
left a comment
jspada200
left a comment
There was a problem hiding this comment.
You can fix the formatting using the make commands in the repo.
|
I am having some trouble getting this to work. The reason being is that we assumed that we would be able to use the traditional method of logging into SG which is what is done here. However, it seems that since Shotgrid (Flow) transitioned to cloud, they have moved to SSO through Autodesk's identity services. I think the solution here may be to move the logic you wrote to login into another kind of provider "ShotgridAuthenticationProvider" to support on prem instances, which can injected into the ShotgridProvider and implement SSO flow in another kind of authentication provider. Let me know if you want to continue this as it got more complicated or if I need to spin up another ticket for SSO login. |
…er and decouple main.py Signed-off-by: aviralgarg05 <gargaviral99@gmail.com>
I've implemented the separation of concerns by creating |
Lets keep this simple and worry about SSO later. Can test by setting a password on the SG site I think. |
| return this.get<DNAUser>(`/users/${encodeURIComponent(params.userEmail)}`); | ||
| } | ||
|
|
||
| async login(params: LoginParams): Promise<{ token: string }> { |
There was a problem hiding this comment.
Once logged it, the session token should be set on all the outbound requests. How are you testing all this logic? Do you have a SG instence running?
There was a problem hiding this comment.
Hi,
- Token Persistence: We've got an Axios interceptor on the frontend that automatically adds the session token to the
Authorizationheader for all requests after login. The backend picks this up and uses it to initialize the ShotGrid session for that specific request. - Testing: No live SG instance in the test suite—we're mocking the
ShotgunAPI to keep tests fast and reliable. I did verify it against a real instance during development though!
Let me know if you want to see more specific unit tests for this!
2 participants
PR Description: Implement ShotGrid User Authentication Flow
Summary
This PR implements a robust user authentication flow for the DNA application, moving away from static script-based authentication to a dynamic, user-specific session token mechanism using ShotGrid's native authentication.
Changes
Backend (
dna-backend)session_token.POST /auth/loginendpoint to handle user credentials.ProdtrackProviderDep) to extract Bearer tokens from theAuthorizationheader, enabling authenticated stateful sessions for all entity requests.Frontend (
dna-frontend)localStorageand restored on application load, preventing unnecessary re-logins.Verification Results
Technical Notes