Support new JWT token based auth (openEO API 1.3.0)#859

Open

niebl wants to merge 49 commits into

Open-EO:masterfrom

niebl commented Feb 6, 2026 •

edited

Loading

Includes:

checking conformance in connection.authenticate_basic() and connection.authenticate_oidc() and formatting the bearer tokens accordingly
a /conformance endpoint in DummyBackend and a has_conformance({url}) method in capabilities. So JWT bearer token conformance can be checked.

niebl added 5 commits

February 5, 2026 17:48


          add jwt conformance to DummyBackend

26422dc


          add further conformance

cde00d6


          add conformance checking to basic auth

b0a66a5


          fix has_conformance

d4d5dad


          add jwt conformant bearer token support to oidc auth

1e75abe

niebl commented Feb 6, 2026

Author

still WIP, as testing with JWT conformant backends is not yet implemented (manual tests have shown that there is still something going wrong though)

niebl added 6 commits

February 9, 2026 11:33


          Add tests for jwt conformance


          add tests for basic authentication

208b729


          fix bearer token formatting

39958bf


          fix basic auth test

65eff77


          refactor requests_mock

4273d74


          use comparableVersion for cofnormance determination

84a82ab

m-mohr reviewed

View reviewed changes

openeo/rest/auth/auth.py Outdated

m-mohr reviewed

View reviewed changes

openeo/rest/auth/auth.py Outdated

m-mohr reviewed

View reviewed changes

openeo/rest/_testing.py Outdated

m-mohr reviewed

View reviewed changes

openeo/rest/_testing.py Outdated

m-mohr reviewed

View reviewed changes

openeo/rest/capabilities.py Outdated

m-mohr reviewed

View reviewed changes

openeo/rest/capabilities.py Outdated

m-mohr reviewed

View reviewed changes

openeo/rest/connection.py Outdated

m-mohr reviewed

View reviewed changes

openeo/rest/connection.py Outdated

niebl and others added 6 commits

February 10, 2026 09:20


          Update openeo/rest/auth/auth.py

ce742e3

Co-authored-by: Matthias Mohr <m.mohr@moregeo.it>


          Update openeo/rest/_testing.py

d05271f

Co-authored-by: Matthias Mohr <m.mohr@moregeo.it>


          Update openeo/rest/_testing.py

5166eda

Co-authored-by: Matthias Mohr <m.mohr@moregeo.it>


          refactor to use get

9884bf8


          indentation

299a079


          refactor conformance string

71a4503

m-mohr reviewed

View reviewed changes

tests/rest/test_connection.py Outdated

niebl and others added 2 commits

February 10, 2026 13:16


          fix: OidcBearerAuth

d8dda41


          Update tests/rest/test_connection.py

Co-authored-by: Matthias Mohr <m.mohr@moregeo.it>

niebl force-pushed the jwt branch from f4280e6 to bef28e0 Compare

February 10, 2026 12:17

soxofaan commented Mar 4, 2026

Member

hmm, it seems this PR got in a bad state, making the signal/noise ratio bad for review. I see various changes in places that are unrelated to the feature to implement here (conversions.py, results.py, _version.py, metadata.py, test_s3sts.py, ...)

did you by any chance cherry-picked commits from master, instead of merging master?

m-mohr mentioned this pull request

Fix linting issues #869

Closed

niebl and others added 7 commits

March 4, 2026 10:04


          wip: fix parametrized tests

33641c4


          Fix parsing tokens

f943691


          Add origin of token to BearerAuth class

9a810c1


          fix: tests depending on api version number in get_me_handler

a6d3cc2


          fix: remaining oidc test

4abf67e


          fix: conformance check

7c02e85


          fix: dummy backend conformance checking

8ed91bf

m-mohr force-pushed the jwt branch from 45e7652 to 8ed91bf Compare

March 4, 2026 09:04

m-mohr commented Mar 4, 2026 •

edited

Loading

Member

@soxofaan I did clean up a potentially failed merge, this should improve the situation.

Somehat related: We also have changes come in from the linter for some of those files each time we run the linter. It might be that master is not clean with regards to linting?! => #869

soxofaan mentioned this pull request

Enforce "black" code style #870

Open

soxofaan reviewed

View reviewed changes

soxofaan left a comment

Member

sorry for delay, I finally found some time to give this another review

openeo/rest/auth/auth.py Outdated

openeo/rest/auth/testing.py Outdated

openeo/rest/_testing.py

openeo/rest/connection.py Outdated

tests/rest/conftest.py Outdated

tests/rest/test_connection.py

tests/rest/test_connection.py Outdated

soxofaan commented Mar 27, 2026

Member

and another thing: this deserves a mention in the changelog too

niebl force-pushed the jwt branch 2 times, most recently from 9e341cc to 8ed91bf Compare

April 8, 2026 08:33

niebl added 2 commits

April 8, 2026 10:39


          Merge branch 'master' into jwt

15bfc77


          refactor: parametrization

63d607a

niebl commented Apr 8, 2026

Author

Thank you very much for the review. I am sorry for the delay. I will be able to work on that feedback now


          decouple api_version and jwt_conformance

de28943

niebl force-pushed the jwt branch from cba109f to de28943 Compare

April 8, 2026 14:20


          refactor: bearer token check

555613c

niebl commented

View reviewed changes

tests/rest/test_testing.py Outdated

niebl added 5 commits

April 9, 2026 11:58


          revert dummy backend conformance tests

cc4a2e5


          refactor: code review

473ede2


          remove unused code

ed0fa58


          edit changelog

c0490dd


          refactor: use helper

897da28

niebl force-pushed the jwt branch from b2990ed to 897da28 Compare

April 9, 2026 13:04

niebl commented Apr 9, 2026

Author

@soxofaan thank you for the review. I was able to apply your suggestions and shrink the size of the PR a little. I am once again sorry for the delay

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet