Auth, Rust and gRPC

I decided that I want the kebe-backend and kebe-client to both be written in Rust. They will implement and use a gRPC-based API. I’ve decided this for a variety of reasons but one of the primary reasons is the kebe-backend is the part that will not exist as an (at least open) analogy to the Snap store. By that I mean it will all be made up. 🙂

All of these things that the kebe-backend will need to do almost certainly DO have analogies or corresponding APIs on the Snap store, we just don’t have access to them or their documentation.

For any number of examples of these kinds of things check out the forums:

  • transferring ownership
  • issuing assertions for control / limited interfaces
  • creating tracks
  • account management
  • etc.

So to that end I spent most of the day ramping up on Rust (session #8 or whatever it is). I’ve never had a project I could really justify the loss of productivity on versus Go but I don’t really have a deadline on any of this AND I think this justifies it.

There’s an argument to be made that the client side could be in Go but so far I want it to be in Rust, we’ll see if that changes.

That meant I got to spend time with more OIDC auth stuff as well since I wanted to figure that out before I wrote any other code.

My first bit is already up on GitHub here (it’s just an incredibly trivial test – basically just connectivity and settings):

But then I started thinking it would be really nice if I could just open a browser window, like one does these days, send a user to Keycloak and have them log in there and then get the redirect with the OAuth2 token.

I was sort of surprised that wasn’t precisely available but it was close. So I did a bit more hacking today and I don’t have it on GitHub yet but I have the browser opening up and displaying this:

If you click the Login button it sends you to the Keybase login page (which could use this theme if I ever get around to it) and then redirects you back to the Rust application. It’s sort of a beautiful orchestra.

Speaking of beautiful, that’s the beautiful MIRI UI Toolkit Login Page here:

Maybe we’ll use it in more areas later! That’s about all for now, I need to get back to sorting out some Rust gRPC before bed!

Getting pretty close for at least adding to GitHub, still figuring out some of the OIDC parts but close. It will authenticate the user via browser login, require an access token to make requests and authorize the user as having the role of “store-administrator”.

Once this bit is done I think I can get back to actually implementing store behavior and preparing for the minimal release.

Also, hopefully I’m not reinventing any wheels but I need to double check some more tomorrow.

I think I’m going to shelve this for now. I got it all working but I fear, at least for “version 1”, it introduces too much complexity and unnecessarily complicates my life. 🙂

So I’ll redo it in Go really quickly so that it’s all one code base for “version 1”. There are already a ton of obvious things that need to be fixed, tested, documented, etc. so adding Rust to the mix at this stage is probably sub-optimal.

I have to balance between wanting to get something “perfect” (ha!) and just getting something! Since this first version is all about being able to demonstrably do some things, that should be the focus. At the moment, things that keep me from implementing actual store features are probably lower on the list.

And just like that, it’s all almost working in Go already. Of course a good portion of the work was figuring out all of the OAuth2 flow and token handling (and in Rust!) for someone that didn’t know much about that (and still doesn’t) and then figuring out Rust at the same time.