Add JWT auth option (#656)

ultram4rine · Dec 28, 2024 · ab424e2 · ab424e2
1 parent 66fee24
commit ab424e2
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- Add `JWT` auth option (#656). This is a ClickHouse Cloud feature.
+
+### Changed
+
+- Improved connection test (#655).
+- Updated dependencies.
+
 ## [0.8.0] - 2024-11-11
 
 ### Added

diff --git a/connection.schema.json b/connection.schema.json
@@ -49,10 +49,10 @@
       "type": "string",
       "default": "default"
     },
-    "username": {
-      "title": "Username",
-      "type": "string",
-      "default": "default"
+    "useJWT": {
+      "type": "boolean",
+      "title": "Use JWT token instead of password",
+      "default": false
     },
     "passwordMode": {
       "title": "Password mode",
@@ -117,6 +117,29 @@
         }
       ]
     },
+    "useJWT": {
+      "oneOf": [
+        {
+          "properties": {
+            "useJWT": {
+              "enum": [false]
+            },
+            "username": {
+              "title": "Username",
+              "type": "string",
+              "default": "default"
+            }
+          }
+        },
+        {
+          "properties": {
+            "useJWT": {
+              "enum": [true]
+            }
+          }
+        }
+      ]
+    },
     "enableTls": {
       "oneOf": [
         {

diff --git a/src/extension.ts b/src/extension.ts
@@ -69,6 +69,10 @@ export async function activate(
         connInfo.server = "http://" + connInfo.server;
       }
 
+      if (connInfo.useJWT) {
+        propsToRemove.push("username");
+      }
+
       if (connInfo.passwordMode) {
         if (connInfo.passwordMode.toString().toLowerCase().includes("ask")) {
           connInfo.askForPassword = true;

diff --git a/src/ls/driver.ts b/src/ls/driver.ts
@@ -60,15 +60,20 @@ export default class ClickHouseDriver
 
     const opts = {
       url: url,
-      username: this.credentials.username,
-      password: this.credentials.password,
       role: this.credentials.role,
       request_timeout: this.credentials.requestTimeout,
       application: "sqltools-clickhouse-driver",
       database: this.credentials.database,
       tls: tlsConfig,
     } as ClickHouseClientConfigOptions;
 
+    if (this.credentials.useJWT) {
+      opts.access_token = this.credentials.password;
+    } else {
+      opts.username = this.credentials.username;
+      opts.password = this.credentials.password;
+    }
+
     this.connection = Promise.resolve(createClient(opts));
     return this.connection;
   }

diff --git a/ui.schema.json b/ui.schema.json
@@ -3,6 +3,7 @@
     "server",
     "port",
     "database",
+    "useJWT",
     "username",
     "passwordMode",
     "password",
@@ -12,6 +13,9 @@
     "tls"
   ],
   "password": { "ui:widget": "password" },
+  "useJWT": {
+    "ui:help": "This is a ClickHouse Cloud feature. Put token in password field"
+  },
   "role": {
     "ui:help": "Only for ClickHouse >=24.4! See https://clickhouse.com/docs/en/interfaces/http#setting-role-with-query-parameters"
   },