From 0edaa8e00b992bd40adee1f92c292fc3e22439fd Mon Sep 17 00:00:00 2001
From: Fran McDade <18710366+frano-m@users.noreply.github.com>
Date: Mon, 11 May 2026 15:39:58 +1000
Subject: [PATCH 1/2] feat: [hca dcp] implement authorization code flow with azul for hca dcp dev (#4805)
Co-Authored-By: Claude Opus 4.7 (1M context)
---
 .../ma-dev/authentication/authentication.ts | 12 ++++++
 .../ma-dev/authentication/constants.ts | 38 +++++++++++++++++++
 site-config/hca-dcp/ma-dev/config.ts | 9 +++++
 3 files changed, 59 insertions(+)
 create mode 100644 site-config/hca-dcp/ma-dev/authentication/authentication.ts
 create mode 100644 site-config/hca-dcp/ma-dev/authentication/constants.ts
diff --git a/site-config/hca-dcp/ma-dev/authentication/authentication.ts b/site-config/hca-dcp/ma-dev/authentication/authentication.ts
new file mode 100644
index 000000000..8d5e676bc
--- /dev/null
+++ b/site-config/hca-dcp/ma-dev/authentication/authentication.ts
@@ -0,0 +1,12 @@
+import { AuthenticationConfig } from "@databiosphere/findable-ui/lib/config/entities";
+import { getGoogleProvider, TERRA_SERVICE } from "./constants";
+
+export function getAuthenticationConfig(
+ authenticationConfig: AuthenticationConfig,
+ dataSourceUrl: string
+): AuthenticationConfig {
+ const authentication = { ...authenticationConfig };
+ authentication.providers = [getGoogleProvider(dataSourceUrl)];
+ authentication.services = [TERRA_SERVICE];
+ return authentication;
+}
diff --git a/site-config/hca-dcp/ma-dev/authentication/constants.ts b/site-config/hca-dcp/ma-dev/authentication/constants.ts
new file mode 100644
index 000000000..ae8d8de15
--- /dev/null
+++ b/site-config/hca-dcp/ma-dev/authentication/constants.ts
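Review bot: getAuthenticationConfig in authentication.ts is exported without a TSDoc block, and nothing states that it replaces `providers` and `services` outright instead of merging them with what the base config carries. Any provider or service inherited from the base configuration is therefore dropped without a trace, which is worth recording because it decides which sign-in paths remain reachable on this site. I would add a short TSDoc block saying that the function returns a shallow copy of `authenticationConfig` with `providers` set to the single Google provider built from `dataSourceUrl` and `services` set to the Terra service, and that the input object itself is not mutated.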
@@ -0,0 +1,38 @@
+import {
+ OAUTH_FLOW,
+ OAuthProvider,
+} from "@databiosphere/findable-ui/lib/config/entities";
+import { GOOGLE_SIGN_IN_PROVIDER } from "@databiosphere/findable-ui/lib/google/config";
+import { GoogleProfile } from "@databiosphere/findable-ui/lib/google/types";
+
+import { OAUTH_GOOGLE_SIGN_IN } from "../../../common/authentication";
+
+const CLIENT_ID =
+ "713613812354-aelk662bncv14d319dk8juce9p11um00.apps.googleusercontent.com";
+
+/**
+ * Returns the Google OAuth provider configured for the authorization code
+ * flow, with `authorize` derived from the given Azul base URL.
+ * @param dataSourceUrl - Azul base URL.
+ * @returns Google OAuth provider.
+ */
+export function getGoogleProvider(
+ dataSourceUrl: string
+): OAuthProvider {
+ return {
+ ...GOOGLE_SIGN_IN_PROVIDER,
+ ...OAUTH_GOOGLE_SIGN_IN,
+ // URL constructor handles trailing-slash variation on dataSourceUrl.
+ authorize: new URL("/user/authorize", dataSourceUrl).href,
+ clientId: CLIENT_ID,
+ flow: OAUTH_FLOW.AUTHORIZATION_CODE,
+ };
+}
+
+export const TERRA_SERVICE = {
+ endpoint: {
+ profile: "https://sam.dsde-dev.broadinstitute.org/register/user/v1",
+ tos: "https://sam.dsde-dev.broadinstitute.org/register/user/v2/self/termsOfServiceDetails",
+ },
+ id: "terra",
+};
diff --git a/site-config/hca-dcp/ma-dev/config.ts b/site-config/hca-dcp/ma-dev/config.ts
index 78b441588..1c123e0af 100644
--- a/site-config/hca-dcp/ma-dev/config.ts
+++ b/site-config/hca-dcp/ma-dev/config.ts
@@ -2,6 +2,7 @@ import { GIT_HUB_REPO_URL } from "../../common/constants";
 import { SiteConfig } from "../../common/entities";
 import { makeManagedAccessConfig } from "../cc-ma-dev/config";
 import { makeConfig } from "../dev/config";
+import { getAuthenticationConfig } from "./authentication/authentication";
 // Template constants
 const BROWSER_URL = "https://explore.dev.singlecell.gi.ucsc.edu";
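Review bot: CLIENT_ID in constants.ts is committed as a bare string with no comment saying what it identifies or whether it is sensitive, so a later reader cannot tell a public identifier from a leaked credential. An OAuth client ID is a public value, but the authorization code flow also involves a client secret, which presumably lives with the Azul service behind `authorize` and must not follow the ID into this file. A one-line comment above the constant would settle it: `// Public Google OAuth client ID for the dev environment; the client secret stays server-side and must never be added here.`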
@@ -20,4 +21,12 @@ if (config.analytics) {
 config.analytics = undefined;
 }
+// Update authentication for the dev environment (authorization code flow).
+if (config.authentication) {
+ config.authentication = getAuthenticationConfig(
+ config.authentication,
+ config.dataSource.url
+ );
+}
+
 export default config;
From 912702605cf46c6e7467c944a0001d29243ce32d Mon Sep 17 00:00:00 2001
From: Fran McDade <18710366+frano-m@users.noreply.github.com>
Date: Mon, 11 May 2026 16:09:32 +1000
Subject: [PATCH 2/2] chore: [hca dcp] document trailing-slash dependency on datasourceurl (#4805)
Co-Authored-By: Claude Opus 4.7 (1M context)
---
 site-config/hca-dcp/ma-dev/authentication/constants.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/site-config/hca-dcp/ma-dev/authentication/constants.ts b/site-config/hca-dcp/ma-dev/authentication/constants.ts
index ae8d8de15..50248abbd 100644
--- a/site-config/hca-dcp/ma-dev/authentication/constants.ts
+++ b/site-config/hca-dcp/ma-dev/authentication/constants.ts
@@ -22,8 +22,8 @@ export function getGoogleProvider(
 return {
 ...GOOGLE_SIGN_IN_PROVIDER,
 ...OAUTH_GOOGLE_SIGN_IN,
- // URL constructor handles trailing-slash variation on dataSourceUrl.
- authorize: new URL("/user/authorize", dataSourceUrl).href,
+ // Relies on dataSourceUrl having a trailing slash (set as `${dataUrl}/` in dev/config.ts).
+ authorize: `${dataSourceUrl}user/authorize`,
 clientId: CLIENT_ID,
 flow: OAUTH_FLOW.AUTHORIZATION_CODE,
 };
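Review bot: In config.ts the `if (config.authentication)` guard skips the override silently when the inherited config has no authentication block, so the site would build with no sign that the authorization code flow was never applied. Judging by the makeManagedAccessConfig import and the ma-dev path, this looks like a managed-access environment, where a missing authentication block is more likely a misconfiguration than a supported state. Consider failing the build instead, for example `else { throw new Error("ma-dev: authentication config is missing"); }`, or add a comment stating that the skip is intentional.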
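Review bot: The template literal that now builds `authorize` in constants.ts has no separator of its own, so a `dataSourceUrl` given as a bare origin without the trailing slash makes `user` part of the host name (`https://<host>user/authorize`), and the authorization request would leave for a different host than the configured Azul service. The new comment records the dependency, but nothing enforces it, and dev/config.ts is not part of this patch, so the trailing slash cannot be confirmed from here. A relative reference resolved by the URL constructor keeps the host fixed, keeps a base path when the slash is present, and still throws on a malformed base: `authorize: new URL("user/authorize", dataSourceUrl).href,`. getGoogleProvider starts and ends outside this hunk.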