feat: add support for mounting data connectors using OAuth 2.0 credentials #1195
Merged
leafty merged 7 commits into leafty/build-oauth-data-connectors from Feb 6, 2026
Base automatically changed from leafty/cleanup-providers to leafty/build-oauth-data-connectors February 2, 2026 07:48
olevski requested changes Feb 2, 2026
components/renku_data_services/connected_services/blueprints.py
Co-authored-by: Tasko Olevski <16360283+olevski@users.noreply.github.com>
olevski approved these changes Feb 5, 2026
ba1be73 into leafty/build-oauth-data-connectors
11 of 12 checks passed
leafty added a commit that referenced this pull request Feb 16, 2026
…tials (#1195)
Details:
* Add DataSourceRepository class to handle OAuth 2.0 credentials when mounting data connectors of type `drive` and `dropbox`.
* When a session start is requested, insert `token` and `token_url` into the `rclone` configuration.
* When a session resume is requested, read the `rclone` configuration from k8s secrets and update the `token` and `token_url` fields.
* Add methods to read k8s secrets (create, patch, delete already exist).
* Add a `POST /oauth2/connections/<connection_id:ulid>/token_endpoint` endpoint: it conforms to [RFC 6749 - Section 6: Refreshing an Access Token](https://datatracker.ietf.org/doc/html/rfc6749#section-6). This is what is used as the `token_url` in the `rclone` configurations. This means that data services handles OAuth 2.0 token refreshes which is critical for platforms which issue single-use refresh tokens.
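
The rationale in the last bullet, as an added sketch that is not code from this pull request or from the project: when several mounts each hold a copy of a single-use refresh token, only the first refresh succeeds, while one RFC 6749 Section 6 endpoint that keeps the provider token server-side can serve them all. `Provider`, `RefreshBroker`, the opaque `handle` and `demo` are hypothetical names, and the way callers authenticate to the endpoint is an assumption.

```python
import hmac
import secrets
import threading

class Provider:
    """Constructed stand-in for a provider that issues single-use refresh tokens."""
    def __init__(self):
        self.valid = set()

    def issue(self):
        token = secrets.token_urlsafe(16)
        self.valid.add(token)
        return token

    def refresh(self, refresh_token):
        if refresh_token not in self.valid:
            return {"error": "invalid_grant"}  # RFC 6749 section 5.2 error code
        self.valid.discard(refresh_token)  # single use: the old token dies here
        return {"access_token": secrets.token_urlsafe(16), "token_type": "Bearer",
                "expires_in": 3600, "refresh_token": self.issue()}

class RefreshBroker:
    """Hypothetical token endpoint; the only holder of the provider refresh token."""
    def __init__(self, provider, refresh_token):
        self.handle = secrets.token_urlsafe(16)  # assumed opaque value given to mounts
        self._provider, self._refresh_token = provider, refresh_token
        self._lock = threading.Lock()

    def token_endpoint(self, form):
        if form.get("grant_type") != "refresh_token":
            return {"error": "unsupported_grant_type"}
        presented = form.get("refresh_token", "").encode()
        if not hmac.compare_digest(presented, self.handle.encode()):
            return {"error": "invalid_grant"}
        with self._lock:  # serialise refreshes so two mounts never race a rotation
            resp = self._provider.refresh(self._refresh_token)
            if "error" not in resp:
                self._refresh_token = resp.pop("refresh_token")  # kept server-side
        return resp

def demo(mounts):
    """Return per-mount refresh success: (shared provider token, via broker)."""
    provider = Provider()
    shared = provider.issue()
    direct = ["access_token" in provider.refresh(shared) for _ in range(mounts)]
    broker = RefreshBroker(provider, provider.issue())
    form = {"grant_type": "refresh_token", "refresh_token": broker.handle}
    brokered = ["access_token" in broker.token_endpoint(form) for _ in range(mounts)]
    return direct, brokered
```

The response returned to the mount omits `refresh_token`, which RFC 6749 Section 6 permits, so the rotated provider token never reaches the session.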
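Merging into a feature branch
Details:
* Add DataSourceRepository class to handle OAuth 2.0 credentials when mounting data connectors of type `drive` and `dropbox`.
* When a session start is requested, insert `token` and `token_url` into the `rclone` configuration.
* When a session resume is requested, read the `rclone` configuration from k8s secrets and update the `token` and `token_url` fields.
* Add methods to read k8s secrets (create, patch, delete already exist).
* Add a `POST /oauth2/connections/<connection_id:ulid>/token_endpoint` endpoint: it conforms to [RFC 6749 - Section 6: Refreshing an Access Token](https://datatracker.ietf.org/doc/html/rfc6749#section-6). This is what is used as the `token_url` in the `rclone` configurations. This means that data services handles OAuth 2.0 token refreshes which is critical for platforms which issue single-use refresh tokens.
PR stack: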