Skip to content

feat: add support for mounting data connectors using OAuth 2.0 credentials#1195

Merged
leafty merged 7 commits intoleafty/build-oauth-data-connectorsfrom
leafty/add-oauth2-support-mounts
Feb 6, 2026
Merged

feat: add support for mounting data connectors using OAuth 2.0 credentials#1195
leafty merged 7 commits intoleafty/build-oauth-data-connectorsfrom
leafty/add-oauth2-support-mounts

Conversation

@leafty
Copy link
Member

@leafty leafty commented Jan 28, 2026
edited
Loading

Merging into a feature branch

Details:

  • Add DataSourceRepository class to handle OAuth 2.0 credentials when mounting data connectors of type drive and dropbox.
  • When a session start is requested, insert token and token_url into the rclone configuration.
  • When a session resume is requested, read the rclone configuration from k8s secrets and update the token and token_url fields.
  • Add methods to read k8s secrets (create, patch, delete already exist).
  • Add a POST /oauth2/connections/<connection_id:ulid>/token_endpoint endpoint: it conforms to RFC 6749 - Section 6: Refreshing an Access Token. This is what is used as the token_url in the rclone configurations. This means that data services handles OAuth 2.0 token refreshes which is critical for platforms which issue single-use refresh tokens.

PR stack:

@leafty leafty force-pushed the leafty/add-oauth2-support-mounts branch from bf07ad2 to 4ac6019 Compare January 28, 2026 08:09
@leafty leafty mentioned this pull request Jan 28, 2026
Merged
@leafty leafty marked this pull request as ready for review January 29, 2026 11:53
@leafty leafty requested review from a team, SalimKayal and sgaist as code owners January 29, 2026 11:53
Base automatically changed from leafty/cleanup-providers to leafty/build-oauth-data-connectors February 2, 2026 07:48
This was referenced Feb 2, 2026
Draft
Merged
@leafty leafty force-pushed the leafty/build-oauth-data-connectors branch from a386820 to 58a15d9 Compare February 2, 2026 07:55
@leafty leafty force-pushed the leafty/add-oauth2-support-mounts branch from 50a19b8 to 84e538f Compare February 2, 2026 07:58
@leafty leafty force-pushed the leafty/add-oauth2-support-mounts branch from 84e538f to 8d5f3ba Compare February 2, 2026 08:00
olevski
olevski requested changes Feb 2, 2026
View reviewed changes
leafty and others added 3 commits February 3, 2026 08:17
@leafty leafty requested a review from olevski February 3, 2026 07:27
@leafty leafty merged commit ba1be73 into leafty/build-oauth-data-connectors Feb 6, 2026
11 of 12 checks passed
@leafty leafty deleted the leafty/add-oauth2-support-mounts branch February 6, 2026 08:34
leafty added a commit that referenced this pull request Feb 16, 2026
@leafty
feat: add support for mounting data connectors using OAuth 2.0 creden…
176ee77 
…tials (#1195)

Details:
* Add DataSourceRepository class to handle OAuth 2.0 credentials when mounting data connectors of type `drive` and `dropbox`.
*  When a session start is requested, insert `token` and `token_url` into the `rclone` configuration.
* When a session resume is requested, read the `rclone` configuration from k8s secrets and update the `token` and `token_url` fields.
* Add methods to read k8s secrets (create, patch, delete already exist).
* Add a `POST /oauth2/connections/<connection_id:ulid>/token_endpoint` endpoint: it conforms to [RFC 6749 - Section 6: Refreshing an Access Token](https://datatracker.ietf.org/doc/html/rfc6749#section-6). This is what is used as the `token_url` in the `rclone` configurations. This means that data services handles OAuth 2.0 token refreshes which is critical for platforms which issue single-use refresh tokens.
leafty added a commit that referenced this pull request Feb 16, 2026
@leafty
feat: add support for mounting data connectors using OAuth 2.0 creden…
6eadce1 
…tials (#1195)

Details:
* Add DataSourceRepository class to handle OAuth 2.0 credentials when mounting data connectors of type `drive` and `dropbox`.
*  When a session start is requested, insert `token` and `token_url` into the `rclone` configuration.
* When a session resume is requested, read the `rclone` configuration from k8s secrets and update the `token` and `token_url` fields.
* Add methods to read k8s secrets (create, patch, delete already exist).
* Add a `POST /oauth2/connections/<connection_id:ulid>/token_endpoint` endpoint: it conforms to [RFC 6749 - Section 6: Refreshing an Access Token](https://datatracker.ietf.org/doc/html/rfc6749#section-6). This is what is used as the `token_url` in the `rclone` configurations. This means that data services handles OAuth 2.0 token refreshes which is critical for platforms which issue single-use refresh tokens.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@olevski olevski olevski approved these changes

@sgaist sgaist Awaiting requested review from sgaist sgaist is a code owner

@SalimKayal SalimKayal Awaiting requested review from SalimKayal SalimKayal is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@leafty @olevski