flwr-nightly 1.14.0.dev20241208__py3-none-any.whl → 1.14.0.dev20241210__py3-none-any.whl

flwr/common/auth_plugin/__init__.py

@@ -0,0 +1,24 @@
+# Copyright 2024 Flower Labs GmbH. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ==============================================================================
+"""Auth plugin components."""
+
+
+from .auth_plugin import CliAuthPlugin as CliAuthPlugin
+from .auth_plugin import ExecAuthPlugin as ExecAuthPlugin
+
+__all__ = [
+    "CliAuthPlugin",
+    "ExecAuthPlugin",
+]

flwr/common/auth_plugin/auth_plugin.py

@@ -0,0 +1,111 @@
+# Copyright 2024 Flower Labs GmbH. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ==============================================================================
+"""Abstract classes for Flower User Auth Plugin."""
+
+
+from abc import ABC, abstractmethod
+from collections.abc import Sequence
+from pathlib import Path
+from typing import Any, Optional, Union
+
+from flwr.proto.exec_pb2_grpc import ExecStub
+
+
+class ExecAuthPlugin(ABC):
+    """Abstract Flower Auth Plugin class for ExecServicer.
+
+    Parameters
+    ----------
+    config : dict[str, Any]
+        The authentication configuration loaded from a YAML file.
+    """
+
+    @abstractmethod
+    def __init__(self, config: dict[str, Any]):
+        """Abstract constructor."""
+
+    @abstractmethod
+    def get_login_details(self) -> dict[str, str]:
+        """Get the login details."""
+
+    @abstractmethod
+    def validate_tokens_in_metadata(
+        self, metadata: Sequence[tuple[str, Union[str, bytes]]]
+    ) -> bool:
+        """Validate authentication tokens in the provided metadata."""
+
+    @abstractmethod
+    def get_auth_tokens(self, auth_details: dict[str, str]) -> dict[str, str]:
+        """Get authentication tokens."""
+
+    @abstractmethod
+    def refresh_tokens(
+        self, metadata: Sequence[tuple[str, Union[str, bytes]]]
+    ) -> Optional[Sequence[tuple[str, Union[str, bytes]]]]:
+        """Refresh authentication tokens in the provided metadata."""
+
+
+class CliAuthPlugin(ABC):
+    """Abstract Flower Auth Plugin class for CLI.
+
+    Parameters
+    ----------
+    user_auth_config_path : Path
+        The path to the user's authentication configuration file.
+    """
+
+    @staticmethod
+    @abstractmethod
+    def login(
+        login_details: dict[str, str],
+        exec_stub: ExecStub,
+    ) -> dict[str, Any]:
+        """Authenticate the user with the SuperLink.
+
+        Parameters
+        ----------
+        login_details : dict[str, str]
+            A dictionary containing the user's login details.
+        exec_stub : ExecStub
+            An instance of `ExecStub` used for communication with the SuperLink.
+
+        Returns
+        -------
+        user_auth_config : dict[str, Any]
+            A dictionary containing the user's authentication configuration
+            in JSON format.
+        """
+
+    @abstractmethod
+    def __init__(self, user_auth_config_path: Path):
+        """Abstract constructor."""
+
+    @abstractmethod
+    def store_tokens(self, user_auth_config: dict[str, Any]) -> None:
+        """Store authentication tokens from the provided user_auth_config.
+
+        The configuration, including tokens, will be saved as a JSON file
+        at `user_auth_config_path`.
+        """
+
+    @abstractmethod
+    def load_tokens(self) -> None:
+        """Load authentication tokens from the user_auth_config_path."""
+
+    @abstractmethod
+    def write_tokens_to_metadata(
+        self, metadata: Sequence[tuple[str, Union[str, bytes]]]
+    ) -> Sequence[tuple[str, Union[str, bytes]]]:
+        """Write authentication tokens to the provided metadata."""

flwr/common/constant.py

@@ -110,6 +110,8 @@ LOG_UPLOAD_INTERVAL = 0.2  # Minimum interval between two log uploads
 # Retry configurations
 MAX_RETRY_DELAY = 20  # Maximum delay duration between two consecutive retries.
 
+AUTH_TYPE = "auth_type"
+
 
 class MessageType:
     """Message type."""

flwr/proto/exec_pb2.py

@@ -18,7 +18,7 @@ from flwr.proto import recordset_pb2 as flwr_dot_proto_dot_recordset__pb2
 from flwr.proto import run_pb2 as flwr_dot_proto_dot_run__pb2
 
 
-DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x15\x66lwr/proto/exec.proto\x12\nflwr.proto\x1a\x14\x66lwr/proto/fab.proto\x1a\x1a\x66lwr/proto/transport.proto\x1a\x1a\x66lwr/proto/recordset.proto\x1a\x14\x66lwr/proto/run.proto\"\xfb\x01\n\x0fStartRunRequest\x12\x1c\n\x03\x66\x61\x62\x18\x01 \x01(\x0b\x32\x0f.flwr.proto.Fab\x12H\n\x0foverride_config\x18\x02 \x03(\x0b\x32/.flwr.proto.StartRunRequest.OverrideConfigEntry\x12\x35\n\x12\x66\x65\x64\x65ration_options\x18\x03 \x01(\x0b\x32\x19.flwr.proto.ConfigsRecord\x1aI\n\x13OverrideConfigEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12!\n\x05value\x18\x02 \x01(\x0b\x32\x12.flwr.proto.Scalar:\x02\x38\x01\"2\n\x10StartRunResponse\x12\x13\n\x06run_id\x18\x01 \x01(\x04H\x00\x88\x01\x01\x42\t\n\x07_run_id\"<\n\x11StreamLogsRequest\x12\x0e\n\x06run_id\x18\x01 \x01(\x04\x12\x17\n\x0f\x61\x66ter_timestamp\x18\x02 \x01(\x01\"B\n\x12StreamLogsResponse\x12\x12\n\nlog_output\x18\x01 \x01(\t\x12\x18\n\x10latest_timestamp\x18\x02 \x01(\x01\"1\n\x0fListRunsRequest\x12\x13\n\x06run_id\x18\x01 \x01(\x04H\x00\x88\x01\x01\x42\t\n\x07_run_id\"\x9d\x01\n\x10ListRunsResponse\x12;\n\x08run_dict\x18\x01 \x03(\x0b\x32).flwr.proto.ListRunsResponse.RunDictEntry\x12\x0b\n\x03now\x18\x02 \x01(\t\x1a?\n\x0cRunDictEntry\x12\x0b\n\x03key\x18\x01 \x01(\x04\x12\x1e\n\x05value\x18\x02 \x01(\x0b\x32\x0f.flwr.proto.Run:\x02\x38\x01\" \n\x0eStopRunRequest\x12\x0e\n\x06run_id\x18\x01 \x01(\x04\"\"\n\x0fStopRunResponse\x12\x0f\n\x07success\x18\x01 \x01(\x08\x32\xaf\x02\n\x04\x45xec\x12G\n\x08StartRun\x12\x1b.flwr.proto.StartRunRequest\x1a\x1c.flwr.proto.StartRunResponse\"\x00\x12\x44\n\x07StopRun\x12\x1a.flwr.proto.StopRunRequest\x1a\x1b.flwr.proto.StopRunResponse\"\x00\x12O\n\nStreamLogs\x12\x1d.flwr.proto.StreamLogsRequest\x1a\x1e.flwr.proto.StreamLogsResponse\"\x00\x30\x01\x12G\n\x08ListRuns\x12\x1b.flwr.proto.ListRunsRequest\x1a\x1c.flwr.proto.ListRunsResponse\"\x00\x62\x06proto3')
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x15\x66lwr/proto/exec.proto\x12\nflwr.proto\x1a\x14\x66lwr/proto/fab.proto\x1a\x1a\x66lwr/proto/transport.proto\x1a\x1a\x66lwr/proto/recordset.proto\x1a\x14\x66lwr/proto/run.proto\"\xfb\x01\n\x0fStartRunRequest\x12\x1c\n\x03\x66\x61\x62\x18\x01 \x01(\x0b\x32\x0f.flwr.proto.Fab\x12H\n\x0foverride_config\x18\x02 \x03(\x0b\x32/.flwr.proto.StartRunRequest.OverrideConfigEntry\x12\x35\n\x12\x66\x65\x64\x65ration_options\x18\x03 \x01(\x0b\x32\x19.flwr.proto.ConfigsRecord\x1aI\n\x13OverrideConfigEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12!\n\x05value\x18\x02 \x01(\x0b\x32\x12.flwr.proto.Scalar:\x02\x38\x01\"2\n\x10StartRunResponse\x12\x13\n\x06run_id\x18\x01 \x01(\x04H\x00\x88\x01\x01\x42\t\n\x07_run_id\"<\n\x11StreamLogsRequest\x12\x0e\n\x06run_id\x18\x01 \x01(\x04\x12\x17\n\x0f\x61\x66ter_timestamp\x18\x02 \x01(\x01\"B\n\x12StreamLogsResponse\x12\x12\n\nlog_output\x18\x01 \x01(\t\x12\x18\n\x10latest_timestamp\x18\x02 \x01(\x01\"1\n\x0fListRunsRequest\x12\x13\n\x06run_id\x18\x01 \x01(\x04H\x00\x88\x01\x01\x42\t\n\x07_run_id\"\x9d\x01\n\x10ListRunsResponse\x12;\n\x08run_dict\x18\x01 \x03(\x0b\x32).flwr.proto.ListRunsResponse.RunDictEntry\x12\x0b\n\x03now\x18\x02 \x01(\t\x1a?\n\x0cRunDictEntry\x12\x0b\n\x03key\x18\x01 \x01(\x04\x12\x1e\n\x05value\x18\x02 \x01(\x0b\x32\x0f.flwr.proto.Run:\x02\x38\x01\"\x18\n\x16GetLoginDetailsRequest\"\x9c\x01\n\x17GetLoginDetailsResponse\x12L\n\rlogin_details\x18\x01 \x03(\x0b\x32\x35.flwr.proto.GetLoginDetailsResponse.LoginDetailsEntry\x1a\x33\n\x11LoginDetailsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\x93\x01\n\x14GetAuthTokensRequest\x12G\n\x0c\x61uth_details\x18\x01 \x03(\x0b\x32\x31.flwr.proto.GetAuthTokensRequest.AuthDetailsEntry\x1a\x32\n\x10\x41uthDetailsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\x92\x01\n\x15GetAuthTokensResponse\x12\x46\n\x0b\x61uth_tokens\x18\x01 \x03(\x0b\x32\x31.flwr.proto.GetAuthTokensResponse.AuthTokensEntry\x1a\x31\n\x0f\x41uthTokensEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\" \n\x0eStopRunRequest\x12\x0e\n\x06run_id\x18\x01 \x01(\x04\"\"\n\x0fStopRunResponse\x12\x0f\n\x07success\x18\x01 \x01(\x08\x32\xe5\x03\n\x04\x45xec\x12G\n\x08StartRun\x12\x1b.flwr.proto.StartRunRequest\x1a\x1c.flwr.proto.StartRunResponse\"\x00\x12\x44\n\x07StopRun\x12\x1a.flwr.proto.StopRunRequest\x1a\x1b.flwr.proto.StopRunResponse\"\x00\x12O\n\nStreamLogs\x12\x1d.flwr.proto.StreamLogsRequest\x1a\x1e.flwr.proto.StreamLogsResponse\"\x00\x30\x01\x12G\n\x08ListRuns\x12\x1b.flwr.proto.ListRunsRequest\x1a\x1c.flwr.proto.ListRunsResponse\"\x00\x12\\\n\x0fGetLoginDetails\x12\".flwr.proto.GetLoginDetailsRequest\x1a#.flwr.proto.GetLoginDetailsResponse\"\x00\x12V\n\rGetAuthTokens\x12 .flwr.proto.GetAuthTokensRequest\x1a!.flwr.proto.GetAuthTokensResponse\"\x00\x62\x06proto3')
 
 _globals = globals()
 _builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals)
@@ -29,6 +29,12 @@ if _descriptor._USE_C_DESCRIPTORS == False:
   _globals['_STARTRUNREQUEST_OVERRIDECONFIGENTRY']._serialized_options = b'8\001'
   _globals['_LISTRUNSRESPONSE_RUNDICTENTRY']._options = None
   _globals['_LISTRUNSRESPONSE_RUNDICTENTRY']._serialized_options = b'8\001'
+  _globals['_GETLOGINDETAILSRESPONSE_LOGINDETAILSENTRY']._options = None
+  _globals['_GETLOGINDETAILSRESPONSE_LOGINDETAILSENTRY']._serialized_options = b'8\001'
+  _globals['_GETAUTHTOKENSREQUEST_AUTHDETAILSENTRY']._options = None
+  _globals['_GETAUTHTOKENSREQUEST_AUTHDETAILSENTRY']._serialized_options = b'8\001'
+  _globals['_GETAUTHTOKENSRESPONSE_AUTHTOKENSENTRY']._options = None
+  _globals['_GETAUTHTOKENSRESPONSE_AUTHTOKENSENTRY']._serialized_options = b'8\001'
   _globals['_STARTRUNREQUEST']._serialized_start=138
   _globals['_STARTRUNREQUEST']._serialized_end=389
   _globals['_STARTRUNREQUEST_OVERRIDECONFIGENTRY']._serialized_start=316
@@ -45,10 +51,24 @@ if _descriptor._USE_C_DESCRIPTORS == False:
   _globals['_LISTRUNSRESPONSE']._serialized_end=782
   _globals['_LISTRUNSRESPONSE_RUNDICTENTRY']._serialized_start=719
   _globals['_LISTRUNSRESPONSE_RUNDICTENTRY']._serialized_end=782
-  _globals['_STOPRUNREQUEST']._serialized_start=784
-  _globals['_STOPRUNREQUEST']._serialized_end=816
-  _globals['_STOPRUNRESPONSE']._serialized_start=818
-  _globals['_STOPRUNRESPONSE']._serialized_end=852
-  _globals['_EXEC']._serialized_start=855
-  _globals['_EXEC']._serialized_end=1158
+  _globals['_GETLOGINDETAILSREQUEST']._serialized_start=784
+  _globals['_GETLOGINDETAILSREQUEST']._serialized_end=808
+  _globals['_GETLOGINDETAILSRESPONSE']._serialized_start=811
+  _globals['_GETLOGINDETAILSRESPONSE']._serialized_end=967
+  _globals['_GETLOGINDETAILSRESPONSE_LOGINDETAILSENTRY']._serialized_start=916
+  _globals['_GETLOGINDETAILSRESPONSE_LOGINDETAILSENTRY']._serialized_end=967
+  _globals['_GETAUTHTOKENSREQUEST']._serialized_start=970
+  _globals['_GETAUTHTOKENSREQUEST']._serialized_end=1117
+  _globals['_GETAUTHTOKENSREQUEST_AUTHDETAILSENTRY']._serialized_start=1067
+  _globals['_GETAUTHTOKENSREQUEST_AUTHDETAILSENTRY']._serialized_end=1117
+  _globals['_GETAUTHTOKENSRESPONSE']._serialized_start=1120
+  _globals['_GETAUTHTOKENSRESPONSE']._serialized_end=1266
+  _globals['_GETAUTHTOKENSRESPONSE_AUTHTOKENSENTRY']._serialized_start=1217
+  _globals['_GETAUTHTOKENSRESPONSE_AUTHTOKENSENTRY']._serialized_end=1266
+  _globals['_STOPRUNREQUEST']._serialized_start=1268
+  _globals['_STOPRUNREQUEST']._serialized_end=1300
+  _globals['_STOPRUNRESPONSE']._serialized_start=1302
+  _globals['_STOPRUNRESPONSE']._serialized_end=1336
+  _globals['_EXEC']._serialized_start=1339
+  _globals['_EXEC']._serialized_end=1824
 # @@protoc_insertion_point(module_scope)

flwr/proto/exec_pb2.pyi

@@ -135,6 +135,87 @@ class ListRunsResponse(google.protobuf.message.Message):
     def ClearField(self, field_name: typing_extensions.Literal["now",b"now","run_dict",b"run_dict"]) -> None: ...
 global___ListRunsResponse = ListRunsResponse
 
+class GetLoginDetailsRequest(google.protobuf.message.Message):
+    DESCRIPTOR: google.protobuf.descriptor.Descriptor
+    def __init__(self,
+        ) -> None: ...
+global___GetLoginDetailsRequest = GetLoginDetailsRequest
+
+class GetLoginDetailsResponse(google.protobuf.message.Message):
+    DESCRIPTOR: google.protobuf.descriptor.Descriptor
+    class LoginDetailsEntry(google.protobuf.message.Message):
+        DESCRIPTOR: google.protobuf.descriptor.Descriptor
+        KEY_FIELD_NUMBER: builtins.int
+        VALUE_FIELD_NUMBER: builtins.int
+        key: typing.Text
+        value: typing.Text
+        def __init__(self,
+            *,
+            key: typing.Text = ...,
+            value: typing.Text = ...,
+            ) -> None: ...
+        def ClearField(self, field_name: typing_extensions.Literal["key",b"key","value",b"value"]) -> None: ...
+
+    LOGIN_DETAILS_FIELD_NUMBER: builtins.int
+    @property
+    def login_details(self) -> google.protobuf.internal.containers.ScalarMap[typing.Text, typing.Text]: ...
+    def __init__(self,
+        *,
+        login_details: typing.Optional[typing.Mapping[typing.Text, typing.Text]] = ...,
+        ) -> None: ...
+    def ClearField(self, field_name: typing_extensions.Literal["login_details",b"login_details"]) -> None: ...
+global___GetLoginDetailsResponse = GetLoginDetailsResponse
+
+class GetAuthTokensRequest(google.protobuf.message.Message):
+    DESCRIPTOR: google.protobuf.descriptor.Descriptor
+    class AuthDetailsEntry(google.protobuf.message.Message):
+        DESCRIPTOR: google.protobuf.descriptor.Descriptor
+        KEY_FIELD_NUMBER: builtins.int
+        VALUE_FIELD_NUMBER: builtins.int
+        key: typing.Text
+        value: typing.Text
+        def __init__(self,
+            *,
+            key: typing.Text = ...,
+            value: typing.Text = ...,
+            ) -> None: ...
+        def ClearField(self, field_name: typing_extensions.Literal["key",b"key","value",b"value"]) -> None: ...
+
+    AUTH_DETAILS_FIELD_NUMBER: builtins.int
+    @property
+    def auth_details(self) -> google.protobuf.internal.containers.ScalarMap[typing.Text, typing.Text]: ...
+    def __init__(self,
+        *,
+        auth_details: typing.Optional[typing.Mapping[typing.Text, typing.Text]] = ...,
+        ) -> None: ...
+    def ClearField(self, field_name: typing_extensions.Literal["auth_details",b"auth_details"]) -> None: ...
+global___GetAuthTokensRequest = GetAuthTokensRequest
+
+class GetAuthTokensResponse(google.protobuf.message.Message):
+    DESCRIPTOR: google.protobuf.descriptor.Descriptor
+    class AuthTokensEntry(google.protobuf.message.Message):
+        DESCRIPTOR: google.protobuf.descriptor.Descriptor
+        KEY_FIELD_NUMBER: builtins.int
+        VALUE_FIELD_NUMBER: builtins.int
+        key: typing.Text
+        value: typing.Text
+        def __init__(self,
+            *,
+            key: typing.Text = ...,
+            value: typing.Text = ...,
+            ) -> None: ...
+        def ClearField(self, field_name: typing_extensions.Literal["key",b"key","value",b"value"]) -> None: ...
+
+    AUTH_TOKENS_FIELD_NUMBER: builtins.int
+    @property
+    def auth_tokens(self) -> google.protobuf.internal.containers.ScalarMap[typing.Text, typing.Text]: ...
+    def __init__(self,
+        *,
+        auth_tokens: typing.Optional[typing.Mapping[typing.Text, typing.Text]] = ...,
+        ) -> None: ...
+    def ClearField(self, field_name: typing_extensions.Literal["auth_tokens",b"auth_tokens"]) -> None: ...
+global___GetAuthTokensResponse = GetAuthTokensResponse
+
 class StopRunRequest(google.protobuf.message.Message):
     DESCRIPTOR: google.protobuf.descriptor.Descriptor
     RUN_ID_FIELD_NUMBER: builtins.int

flwr/proto/exec_pb2_grpc.py

@@ -34,6 +34,16 @@ class ExecStub(object):
                 request_serializer=flwr_dot_proto_dot_exec__pb2.ListRunsRequest.SerializeToString,
                 response_deserializer=flwr_dot_proto_dot_exec__pb2.ListRunsResponse.FromString,
                 )
+        self.GetLoginDetails = channel.unary_unary(
+                '/flwr.proto.Exec/GetLoginDetails',
+                request_serializer=flwr_dot_proto_dot_exec__pb2.GetLoginDetailsRequest.SerializeToString,
+                response_deserializer=flwr_dot_proto_dot_exec__pb2.GetLoginDetailsResponse.FromString,
+                )
+        self.GetAuthTokens = channel.unary_unary(
+                '/flwr.proto.Exec/GetAuthTokens',
+                request_serializer=flwr_dot_proto_dot_exec__pb2.GetAuthTokensRequest.SerializeToString,
+                response_deserializer=flwr_dot_proto_dot_exec__pb2.GetAuthTokensResponse.FromString,
+                )
 
 
 class ExecServicer(object):
@@ -67,6 +77,20 @@ class ExecServicer(object):
         context.set_details('Method not implemented!')
         raise NotImplementedError('Method not implemented!')
 
+    def GetLoginDetails(self, request, context):
+        """Get login details upon request
+        """
+        context.set_code(grpc.StatusCode.UNIMPLEMENTED)
+        context.set_details('Method not implemented!')
+        raise NotImplementedError('Method not implemented!')
+
+    def GetAuthTokens(self, request, context):
+        """Get auth tokens upon request
+        """
+        context.set_code(grpc.StatusCode.UNIMPLEMENTED)
+        context.set_details('Method not implemented!')
+        raise NotImplementedError('Method not implemented!')
+
 
 def add_ExecServicer_to_server(servicer, server):
     rpc_method_handlers = {
@@ -90,6 +114,16 @@ def add_ExecServicer_to_server(servicer, server):
                     request_deserializer=flwr_dot_proto_dot_exec__pb2.ListRunsRequest.FromString,
                     response_serializer=flwr_dot_proto_dot_exec__pb2.ListRunsResponse.SerializeToString,
             ),
+            'GetLoginDetails': grpc.unary_unary_rpc_method_handler(
+                    servicer.GetLoginDetails,
+                    request_deserializer=flwr_dot_proto_dot_exec__pb2.GetLoginDetailsRequest.FromString,
+                    response_serializer=flwr_dot_proto_dot_exec__pb2.GetLoginDetailsResponse.SerializeToString,
+            ),
+            'GetAuthTokens': grpc.unary_unary_rpc_method_handler(
+                    servicer.GetAuthTokens,
+                    request_deserializer=flwr_dot_proto_dot_exec__pb2.GetAuthTokensRequest.FromString,
+                    response_serializer=flwr_dot_proto_dot_exec__pb2.GetAuthTokensResponse.SerializeToString,
+            ),
     }
     generic_handler = grpc.method_handlers_generic_handler(
             'flwr.proto.Exec', rpc_method_handlers)
@@ -167,3 +201,37 @@ class Exec(object):
             flwr_dot_proto_dot_exec__pb2.ListRunsResponse.FromString,
             options, channel_credentials,
             insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
+
+    @staticmethod
+    def GetLoginDetails(request,
+            target,
+            options=(),
+            channel_credentials=None,
+            call_credentials=None,
+            insecure=False,
+            compression=None,
+            wait_for_ready=None,
+            timeout=None,
+            metadata=None):
+        return grpc.experimental.unary_unary(request, target, '/flwr.proto.Exec/GetLoginDetails',
+            flwr_dot_proto_dot_exec__pb2.GetLoginDetailsRequest.SerializeToString,
+            flwr_dot_proto_dot_exec__pb2.GetLoginDetailsResponse.FromString,
+            options, channel_credentials,
+            insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
+
+    @staticmethod
+    def GetAuthTokens(request,
+            target,
+            options=(),
+            channel_credentials=None,
+            call_credentials=None,
+            insecure=False,
+            compression=None,
+            wait_for_ready=None,
+            timeout=None,
+            metadata=None):
+        return grpc.experimental.unary_unary(request, target, '/flwr.proto.Exec/GetAuthTokens',
+            flwr_dot_proto_dot_exec__pb2.GetAuthTokensRequest.SerializeToString,
+            flwr_dot_proto_dot_exec__pb2.GetAuthTokensResponse.FromString,
+            options, channel_credentials,
+            insecure, call_credentials, compression, wait_for_ready, timeout, metadata)

flwr/proto/exec_pb2_grpc.pyi

@@ -29,6 +29,16 @@ class ExecStub:
         flwr.proto.exec_pb2.ListRunsResponse]
     """flwr ls command"""
 
+    GetLoginDetails: grpc.UnaryUnaryMultiCallable[
+        flwr.proto.exec_pb2.GetLoginDetailsRequest,
+        flwr.proto.exec_pb2.GetLoginDetailsResponse]
+    """Get login details upon request"""
+
+    GetAuthTokens: grpc.UnaryUnaryMultiCallable[
+        flwr.proto.exec_pb2.GetAuthTokensRequest,
+        flwr.proto.exec_pb2.GetAuthTokensResponse]
+    """Get auth tokens upon request"""
+
 
 class ExecServicer(metaclass=abc.ABCMeta):
     @abc.abstractmethod
@@ -63,5 +73,21 @@ class ExecServicer(metaclass=abc.ABCMeta):
         """flwr ls command"""
         pass
 
+    @abc.abstractmethod
+    def GetLoginDetails(self,
+        request: flwr.proto.exec_pb2.GetLoginDetailsRequest,
+        context: grpc.ServicerContext,
+    ) -> flwr.proto.exec_pb2.GetLoginDetailsResponse:
+        """Get login details upon request"""
+        pass
+
+    @abc.abstractmethod
+    def GetAuthTokens(self,
+        request: flwr.proto.exec_pb2.GetAuthTokensRequest,
+        context: grpc.ServicerContext,
+    ) -> flwr.proto.exec_pb2.GetAuthTokensResponse:
+        """Get auth tokens upon request"""
+        pass
+
 
 def add_ExecServicer_to_server(servicer: ExecServicer, server: grpc.Server) -> None: ...

flwr/proto/simulationio_pb2.py

@@ -18,7 +18,7 @@ from flwr.proto import run_pb2 as flwr_dot_proto_dot_run__pb2
 from flwr.proto import fab_pb2 as flwr_dot_proto_dot_fab__pb2
 
 
-DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x1d\x66lwr/proto/simulationio.proto\x12\nflwr.proto\x1a\x14\x66lwr/proto/log.proto\x1a\x18\x66lwr/proto/message.proto\x1a\x14\x66lwr/proto/run.proto\x1a\x14\x66lwr/proto/fab.proto\"\x1d\n\x1bPullSimulationInputsRequest\"\x80\x01\n\x1cPullSimulationInputsResponse\x12$\n\x07\x63ontext\x18\x01 \x01(\x0b\x32\x13.flwr.proto.Context\x12\x1c\n\x03run\x18\x02 \x01(\x0b\x32\x0f.flwr.proto.Run\x12\x1c\n\x03\x66\x61\x62\x18\x03 \x01(\x0b\x32\x0f.flwr.proto.Fab\"T\n\x1cPushSimulationOutputsRequest\x12\x0e\n\x06run_id\x18\x01 \x01(\x04\x12$\n\x07\x63ontext\x18\x02 \x01(\x0b\x32\x13.flwr.proto.Context\"\x1f\n\x1dPushSimulationOutputsResponse2\xff\x03\n\x0cSimulationIo\x12k\n\x14PullSimulationInputs\x12\'.flwr.proto.PullSimulationInputsRequest\x1a(.flwr.proto.PullSimulationInputsResponse\"\x00\x12n\n\x15PushSimulationOutputs\x12(.flwr.proto.PushSimulationOutputsRequest\x1a).flwr.proto.PushSimulationOutputsResponse\"\x00\x12\\\n\x0fUpdateRunStatus\x12\".flwr.proto.UpdateRunStatusRequest\x1a#.flwr.proto.UpdateRunStatusResponse\"\x00\x12G\n\x08PushLogs\x12\x1b.flwr.proto.PushLogsRequest\x1a\x1c.flwr.proto.PushLogsResponse\"\x00\x12k\n\x14GetFederationOptions\x12\'.flwr.proto.GetFederationOptionsRequest\x1a(.flwr.proto.GetFederationOptionsResponse\"\x00\x62\x06proto3')
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x1d\x66lwr/proto/simulationio.proto\x12\nflwr.proto\x1a\x14\x66lwr/proto/log.proto\x1a\x18\x66lwr/proto/message.proto\x1a\x14\x66lwr/proto/run.proto\x1a\x14\x66lwr/proto/fab.proto\"\x1d\n\x1bPullSimulationInputsRequest\"\x80\x01\n\x1cPullSimulationInputsResponse\x12$\n\x07\x63ontext\x18\x01 \x01(\x0b\x32\x13.flwr.proto.Context\x12\x1c\n\x03run\x18\x02 \x01(\x0b\x32\x0f.flwr.proto.Run\x12\x1c\n\x03\x66\x61\x62\x18\x03 \x01(\x0b\x32\x0f.flwr.proto.Fab\"T\n\x1cPushSimulationOutputsRequest\x12\x0e\n\x06run_id\x18\x01 \x01(\x04\x12$\n\x07\x63ontext\x18\x02 \x01(\x0b\x32\x13.flwr.proto.Context\"\x1f\n\x1dPushSimulationOutputsResponse2\xd4\x04\n\x0cSimulationIo\x12k\n\x14PullSimulationInputs\x12\'.flwr.proto.PullSimulationInputsRequest\x1a(.flwr.proto.PullSimulationInputsResponse\"\x00\x12n\n\x15PushSimulationOutputs\x12(.flwr.proto.PushSimulationOutputsRequest\x1a).flwr.proto.PushSimulationOutputsResponse\"\x00\x12\\\n\x0fUpdateRunStatus\x12\".flwr.proto.UpdateRunStatusRequest\x1a#.flwr.proto.UpdateRunStatusResponse\"\x00\x12G\n\x08PushLogs\x12\x1b.flwr.proto.PushLogsRequest\x1a\x1c.flwr.proto.PushLogsResponse\"\x00\x12k\n\x14GetFederationOptions\x12\'.flwr.proto.GetFederationOptionsRequest\x1a(.flwr.proto.GetFederationOptionsResponse\"\x00\x12S\n\x0cGetRunStatus\x12\x1f.flwr.proto.GetRunStatusRequest\x1a .flwr.proto.GetRunStatusResponse\"\x00\x62\x06proto3')
 
 _globals = globals()
 _builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals)
@@ -34,5 +34,5 @@ if _descriptor._USE_C_DESCRIPTORS == False:
   _globals['_PUSHSIMULATIONOUTPUTSRESPONSE']._serialized_start=385
   _globals['_PUSHSIMULATIONOUTPUTSRESPONSE']._serialized_end=416
   _globals['_SIMULATIONIO']._serialized_start=419
-  _globals['_SIMULATIONIO']._serialized_end=930
+  _globals['_SIMULATIONIO']._serialized_end=1015
 # @@protoc_insertion_point(module_scope)

flwr/proto/simulationio_pb2_grpc.py

@@ -41,6 +41,11 @@ class SimulationIoStub(object):
                 request_serializer=flwr_dot_proto_dot_run__pb2.GetFederationOptionsRequest.SerializeToString,
                 response_deserializer=flwr_dot_proto_dot_run__pb2.GetFederationOptionsResponse.FromString,
                 )
+        self.GetRunStatus = channel.unary_unary(
+                '/flwr.proto.SimulationIo/GetRunStatus',
+                request_serializer=flwr_dot_proto_dot_run__pb2.GetRunStatusRequest.SerializeToString,
+                response_deserializer=flwr_dot_proto_dot_run__pb2.GetRunStatusResponse.FromString,
+                )
 
 
 class SimulationIoServicer(object):
@@ -81,6 +86,13 @@ class SimulationIoServicer(object):
         context.set_details('Method not implemented!')
         raise NotImplementedError('Method not implemented!')
 
+    def GetRunStatus(self, request, context):
+        """Get Run Status
+        """
+        context.set_code(grpc.StatusCode.UNIMPLEMENTED)
+        context.set_details('Method not implemented!')
+        raise NotImplementedError('Method not implemented!')
+
 
 def add_SimulationIoServicer_to_server(servicer, server):
     rpc_method_handlers = {
@@ -109,6 +121,11 @@ def add_SimulationIoServicer_to_server(servicer, server):
                     request_deserializer=flwr_dot_proto_dot_run__pb2.GetFederationOptionsRequest.FromString,
                     response_serializer=flwr_dot_proto_dot_run__pb2.GetFederationOptionsResponse.SerializeToString,
             ),
+            'GetRunStatus': grpc.unary_unary_rpc_method_handler(
+                    servicer.GetRunStatus,
+                    request_deserializer=flwr_dot_proto_dot_run__pb2.GetRunStatusRequest.FromString,
+                    response_serializer=flwr_dot_proto_dot_run__pb2.GetRunStatusResponse.SerializeToString,
+            ),
     }
     generic_handler = grpc.method_handlers_generic_handler(
             'flwr.proto.SimulationIo', rpc_method_handlers)
@@ -203,3 +220,20 @@ class SimulationIo(object):
             flwr_dot_proto_dot_run__pb2.GetFederationOptionsResponse.FromString,
             options, channel_credentials,
             insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
+
+    @staticmethod
+    def GetRunStatus(request,
+            target,
+            options=(),
+            channel_credentials=None,
+            call_credentials=None,
+            insecure=False,
+            compression=None,
+            wait_for_ready=None,
+            timeout=None,
+            metadata=None):
+        return grpc.experimental.unary_unary(request, target, '/flwr.proto.SimulationIo/GetRunStatus',
+            flwr_dot_proto_dot_run__pb2.GetRunStatusRequest.SerializeToString,
+            flwr_dot_proto_dot_run__pb2.GetRunStatusResponse.FromString,
+            options, channel_credentials,
+            insecure, call_credentials, compression, wait_for_ready, timeout, metadata)

flwr/proto/simulationio_pb2_grpc.pyi

@@ -35,6 +35,11 @@ class SimulationIoStub:
         flwr.proto.run_pb2.GetFederationOptionsResponse]
     """Get Federation Options"""
 
+    GetRunStatus: grpc.UnaryUnaryMultiCallable[
+        flwr.proto.run_pb2.GetRunStatusRequest,
+        flwr.proto.run_pb2.GetRunStatusResponse]
+    """Get Run Status"""
+
 
 class SimulationIoServicer(metaclass=abc.ABCMeta):
     @abc.abstractmethod
@@ -77,5 +82,13 @@ class SimulationIoServicer(metaclass=abc.ABCMeta):
         """Get Federation Options"""
         pass
 
+    @abc.abstractmethod
+    def GetRunStatus(self,
+        request: flwr.proto.run_pb2.GetRunStatusRequest,
+        context: grpc.ServicerContext,
+    ) -> flwr.proto.run_pb2.GetRunStatusResponse:
+        """Get Run Status"""
+        pass
+
 
 def add_SimulationIoServicer_to_server(servicer: SimulationIoServicer, server: grpc.Server) -> None: ...

flwr/server/app.py

@@ -24,9 +24,10 @@ from collections.abc import Sequence
 from logging import DEBUG, INFO, WARN
 from pathlib import Path
 from time import sleep
-from typing import Optional
+from typing import Any, Optional
 
 import grpc
+import yaml
 from cryptography.exceptions import UnsupportedAlgorithm
 from cryptography.hazmat.primitives.asymmetric import ec
 from cryptography.hazmat.primitives.serialization import (
@@ -37,8 +38,10 @@ from cryptography.hazmat.primitives.serialization import (
 from flwr.common import GRPC_MAX_MESSAGE_LENGTH, EventType, event
 from flwr.common.address import parse_address
 from flwr.common.args import try_obtain_server_certificates
+from flwr.common.auth_plugin import ExecAuthPlugin
 from flwr.common.config import get_flwr_dir, parse_config_args
 from flwr.common.constant import (
+    AUTH_TYPE,
     CLIENT_OCTET,
     EXEC_API_DEFAULT_SERVER_ADDRESS,
     FLEET_API_GRPC_BIDI_DEFAULT_ADDRESS,
@@ -88,6 +91,15 @@ DATABASE = ":flwr-in-memory-state:"
 BASE_DIR = get_flwr_dir() / "superlink" / "ffs"
 
 
+try:
+    from flwr.ee import get_exec_auth_plugins
+except ImportError:
+
+    def get_exec_auth_plugins() -> dict[str, type[ExecAuthPlugin]]:
+        """Return all Exec API authentication plugins."""
+        raise NotImplementedError("No authentication plugins are currently supported.")
+
+
 def start_server(  # pylint: disable=too-many-arguments,too-many-locals
     *,
     server_address: str = FLEET_API_GRPC_BIDI_DEFAULT_ADDRESS,
@@ -246,6 +258,12 @@ def run_superlink() -> None:
     # Obtain certificates
     certificates = try_obtain_server_certificates(args, args.fleet_api_type)
 
+    user_auth_config = _try_obtain_user_auth_config(args)
+    auth_plugin: Optional[ExecAuthPlugin] = None
+    # user_auth_config is None only if the args.user_auth_config is not provided
+    if user_auth_config is not None:
+        auth_plugin = _try_obtain_exec_auth_plugin(user_auth_config)
+
     # Initialize StateFactory
     state_factory = LinkStateFactory(args.database)
 
@@ -263,6 +281,7 @@ def run_superlink() -> None:
         config=parse_config_args(
             [args.executor_config] if args.executor_config else args.executor_config
         ),
+        auth_plugin=auth_plugin,
     )
     grpc_servers = [exec_server]
 
@@ -559,6 +578,32 @@ def _try_setup_node_authentication(
         )
 
 
+def _try_obtain_user_auth_config(args: argparse.Namespace) -> Optional[dict[str, Any]]:
+    if args.user_auth_config is not None:
+        with open(args.user_auth_config, encoding="utf-8") as file:
+            config: dict[str, Any] = yaml.safe_load(file)
+            return config
+    return None
+
+
+def _try_obtain_exec_auth_plugin(config: dict[str, Any]) -> Optional[ExecAuthPlugin]:
+    auth_config: dict[str, Any] = config.get("authentication", {})
+    auth_type: str = auth_config.get(AUTH_TYPE, "")
+    try:
+        all_plugins: dict[str, type[ExecAuthPlugin]] = get_exec_auth_plugins()
+        auth_plugin_class = all_plugins[auth_type]
+        return auth_plugin_class(config=auth_config)
+    except KeyError:
+        if auth_type != "":
+            sys.exit(
+                f'Authentication type "{auth_type}" is not supported. '
+                "Please provide a valid authentication type in the configuration."
+            )
+        sys.exit("No authentication type is provided in the configuration.")
+    except NotImplementedError:
+        sys.exit("No authentication plugins are currently supported.")
+
+
 def _run_fleet_api_grpc_rere(
     address: str,
     state_factory: LinkStateFactory,
@@ -746,6 +791,12 @@ def _add_args_common(parser: argparse.ArgumentParser) -> None:
         type=str,
         help="The SuperLink's public key (as a path str) to enable authentication.",
     )
+    parser.add_argument(
+        "--user-auth-config",
+        help="The path to the user authentication configuration YAML file.",
+        type=str,
+        default=None,
+    )
 
 
 def _add_args_serverappio_api(parser: argparse.ArgumentParser) -> None:

flwr/server/superlink/simulation/simulationio_servicer.py

@@ -28,6 +28,7 @@ from flwr.common.serde import (
     context_to_proto,
     fab_to_proto,
     run_status_from_proto,
+    run_status_to_proto,
     run_to_proto,
 )
 from flwr.common.typing import Fab, RunStatus
@@ -39,6 +40,8 @@ from flwr.proto.log_pb2 import (  # pylint: disable=E0611
 from flwr.proto.run_pb2 import (  # pylint: disable=E0611
     GetFederationOptionsRequest,
     GetFederationOptionsResponse,
+    GetRunStatusRequest,
+    GetRunStatusResponse,
     UpdateRunStatusRequest,
     UpdateRunStatusResponse,
 )
@@ -122,6 +125,22 @@ class SimulationIoServicer(simulationio_pb2_grpc.SimulationIoServicer):
         )
         return UpdateRunStatusResponse()
 
+    def GetRunStatus(
+        self, request: GetRunStatusRequest, context: ServicerContext
+    ) -> GetRunStatusResponse:
+        """Get status of requested runs."""
+        log(DEBUG, "SimultionIoServicer.GetRunStatus")
+        state = self.state_factory.state()
+
+        statuses = state.get_run_status(set(request.run_ids))
+
+        return GetRunStatusResponse(
+            run_status_dict={
+                run_id: run_status_to_proto(status)
+                for run_id, status in statuses.items()
+            }
+        )
+
     def PushLogs(
         self, request: PushLogsRequest, context: grpc.ServicerContext
     ) -> PushLogsResponse:

flwr/superexec/exec_grpc.py

@@ -14,18 +14,21 @@
 # ==============================================================================
 """SuperExec gRPC API."""
 
+from collections.abc import Sequence
 from logging import INFO
 from typing import Optional
 
 import grpc
 
 from flwr.common import GRPC_MAX_MESSAGE_LENGTH
+from flwr.common.auth_plugin import ExecAuthPlugin
 from flwr.common.logger import log
 from flwr.common.typing import UserConfig
 from flwr.proto.exec_pb2_grpc import add_ExecServicer_to_server
 from flwr.server.superlink.ffs.ffs_factory import FfsFactory
 from flwr.server.superlink.fleet.grpc_bidi.grpc_server import generic_create_grpc_server
 from flwr.server.superlink.linkstate import LinkStateFactory
+from flwr.superexec.exec_user_auth_interceptor import ExecUserAuthInterceptor
 
 from .exec_servicer import ExecServicer
 from .executor import Executor
@@ -39,6 +42,7 @@ def run_exec_api_grpc(
     ffs_factory: FfsFactory,
     certificates: Optional[tuple[bytes, bytes, bytes]],
     config: UserConfig,
+    auth_plugin: Optional[ExecAuthPlugin] = None,
 ) -> grpc.Server:
     """Run Exec API (gRPC, request-response)."""
     executor.set_config(config)
@@ -47,16 +51,29 @@ def run_exec_api_grpc(
         linkstate_factory=state_factory,
         ffs_factory=ffs_factory,
         executor=executor,
+        auth_plugin=auth_plugin,
     )
+    interceptors: Optional[Sequence[grpc.ServerInterceptor]] = None
+    if auth_plugin is not None:
+        interceptors = [ExecUserAuthInterceptor(auth_plugin)]
     exec_add_servicer_to_server_fn = add_ExecServicer_to_server
     exec_grpc_server = generic_create_grpc_server(
         servicer_and_add_fn=(exec_servicer, exec_add_servicer_to_server_fn),
         server_address=address,
         max_message_length=GRPC_MAX_MESSAGE_LENGTH,
         certificates=certificates,
+        interceptors=interceptors,
     )
 
-    log(INFO, "Flower Deployment Engine: Starting Exec API on %s", address)
+    if auth_plugin is None:
+        log(INFO, "Flower Deployment Engine: Starting Exec API on %s", address)
+    else:
+        log(
+            INFO,
+            "Flower Deployment Engine: Starting Exec API with user "
+            "authentication on %s",
+            address,
+        )
     exec_grpc_server.start()
 
     return exec_grpc_server

flwr/superexec/exec_servicer.py

@@ -18,11 +18,12 @@
 import time
 from collections.abc import Generator
 from logging import ERROR, INFO
-from typing import Any
+from typing import Any, Optional
 
 import grpc
 
 from flwr.common import now
+from flwr.common.auth_plugin import ExecAuthPlugin
 from flwr.common.constant import LOG_STREAM_INTERVAL, Status, SubStatus
 from flwr.common.logger import log
 from flwr.common.serde import (
@@ -33,6 +34,10 @@ from flwr.common.serde import (
 from flwr.common.typing import RunStatus
 from flwr.proto import exec_pb2_grpc  # pylint: disable=E0611
 from flwr.proto.exec_pb2 import (  # pylint: disable=E0611
+    GetAuthTokensRequest,
+    GetAuthTokensResponse,
+    GetLoginDetailsRequest,
+    GetLoginDetailsResponse,
     ListRunsRequest,
     ListRunsResponse,
     StartRunRequest,
@@ -56,11 +61,13 @@ class ExecServicer(exec_pb2_grpc.ExecServicer):
         linkstate_factory: LinkStateFactory,
         ffs_factory: FfsFactory,
         executor: Executor,
+        auth_plugin: Optional[ExecAuthPlugin] = None,
     ) -> None:
         self.linkstate_factory = linkstate_factory
         self.ffs_factory = ffs_factory
         self.executor = executor
         self.executor.initialize(linkstate_factory, ffs_factory)
+        self.auth_plugin = auth_plugin
 
     def StartRun(
         self, request: StartRunRequest, context: grpc.ServicerContext
@@ -155,6 +162,36 @@ class ExecServicer(exec_pb2_grpc.ExecServicer):
         )
         return StopRunResponse(success=update_success)
 
+    def GetLoginDetails(
+        self, request: GetLoginDetailsRequest, context: grpc.ServicerContext
+    ) -> GetLoginDetailsResponse:
+        """Start login."""
+        log(INFO, "ExecServicer.GetLoginDetails")
+        if self.auth_plugin is None:
+            context.abort(
+                grpc.StatusCode.UNIMPLEMENTED,
+                "ExecServicer initialized without user authentication",
+            )
+            raise grpc.RpcError()  # This line is unreachable
+        return GetLoginDetailsResponse(
+            login_details=self.auth_plugin.get_login_details()
+        )
+
+    def GetAuthTokens(
+        self, request: GetAuthTokensRequest, context: grpc.ServicerContext
+    ) -> GetAuthTokensResponse:
+        """Get auth token."""
+        log(INFO, "ExecServicer.GetAuthTokens")
+        if self.auth_plugin is None:
+            context.abort(
+                grpc.StatusCode.UNIMPLEMENTED,
+                "ExecServicer initialized without user authentication",
+            )
+            raise grpc.RpcError()  # This line is unreachable
+        return GetAuthTokensResponse(
+            auth_tokens=self.auth_plugin.get_auth_tokens(dict(request.auth_details))
+        )
+
 
 def _create_list_runs_response(run_ids: set[int], state: LinkState) -> ListRunsResponse:
     """Create response for `flwr ls --runs` and `flwr ls --run-id <run_id>`."""

flwr/superexec/exec_user_auth_interceptor.py

@@ -0,0 +1,101 @@
+# Copyright 2024 Flower Labs GmbH. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ==============================================================================
+"""Flower Exec API interceptor."""
+
+
+from typing import Any, Callable, Union
+
+import grpc
+
+from flwr.common.auth_plugin import ExecAuthPlugin
+from flwr.proto.exec_pb2 import (  # pylint: disable=E0611
+    GetAuthTokensRequest,
+    GetAuthTokensResponse,
+    GetLoginDetailsRequest,
+    GetLoginDetailsResponse,
+    StartRunRequest,
+    StartRunResponse,
+    StreamLogsRequest,
+    StreamLogsResponse,
+)
+
+Request = Union[
+    StartRunRequest,
+    StreamLogsRequest,
+    GetLoginDetailsRequest,
+    GetAuthTokensRequest,
+]
+
+Response = Union[
+    StartRunResponse, StreamLogsResponse, GetLoginDetailsResponse, GetAuthTokensResponse
+]
+
+
+class ExecUserAuthInterceptor(grpc.ServerInterceptor):  # type: ignore
+    """Exec API interceptor for user authentication."""
+
+    def __init__(
+        self,
+        auth_plugin: ExecAuthPlugin,
+    ):
+        self.auth_plugin = auth_plugin
+
+    def intercept_service(
+        self,
+        continuation: Callable[[Any], Any],
+        handler_call_details: grpc.HandlerCallDetails,
+    ) -> grpc.RpcMethodHandler:
+        """Flower server interceptor authentication logic.
+
+        Intercept all unary-unary/unary-stream calls from users and authenticate users
+        by validating auth metadata sent by the user. Continue RPC call if user is
+        authenticated, else, terminate RPC call by setting context to abort.
+        """
+        # One of the method handlers in
+        # `flwr.superexec.exec_servicer.ExecServicer`
+        method_handler: grpc.RpcMethodHandler = continuation(handler_call_details)
+        return self._generic_auth_unary_method_handler(method_handler)
+
+    def _generic_auth_unary_method_handler(
+        self, method_handler: grpc.RpcMethodHandler
+    ) -> grpc.RpcMethodHandler:
+        def _generic_method_handler(
+            request: Request,
+            context: grpc.ServicerContext,
+        ) -> Response:
+            call = method_handler.unary_unary or method_handler.unary_stream
+            metadata = context.invocation_metadata()
+            if isinstance(
+                request, (GetLoginDetailsRequest, GetAuthTokensRequest)
+            ) or self.auth_plugin.validate_tokens_in_metadata(metadata):
+                return call(request, context)  # type: ignore
+
+            tokens = self.auth_plugin.refresh_tokens(context.invocation_metadata())
+            if tokens is not None:
+                context.send_initial_metadata(tokens)
+                return call(request, context)  # type: ignore
+
+            context.abort(grpc.StatusCode.UNAUTHENTICATED, "Access denied")
+            raise grpc.RpcError()  # This line is unreachable
+
+        if method_handler.unary_unary:
+            message_handler = grpc.unary_unary_rpc_method_handler
+        else:
+            message_handler = grpc.unary_stream_rpc_method_handler
+        return message_handler(
+            _generic_method_handler,
+            request_deserializer=method_handler.request_deserializer,
+            response_serializer=method_handler.response_serializer,
+        )

{flwr_nightly-1.14.0.dev20241208.dist-info → flwr_nightly-1.14.0.dev20241210.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: flwr-nightly
-Version: 1.14.0.dev20241208
+Version: 1.14.0.dev20241210
 Summary: Flower: A Friendly Federated AI Framework
 Home-page: https://flower.ai
 License: Apache-2.0
@@ -39,8 +39,9 @@ Requires-Dist: numpy (>=1.26.0,<3.0.0)
 Requires-Dist: pathspec (>=0.12.1,<0.13.0)
 Requires-Dist: protobuf (>=4.25.2,<5.0.0)
 Requires-Dist: pycryptodome (>=3.18.0,<4.0.0)
+Requires-Dist: pyyaml (>=6.0.2,<7.0.0)
 Requires-Dist: ray (==2.10.0) ; (python_version >= "3.9" and python_version < "3.12") and (extra == "simulation")
-Requires-Dist: requests (>=2.31.0,<3.0.0) ; extra == "rest"
+Requires-Dist: requests (>=2.31.0,<3.0.0)
 Requires-Dist: rich (>=13.5.0,<14.0.0)
 Requires-Dist: starlette (>=0.31.0,<0.32.0) ; extra == "rest"
 Requires-Dist: tomli (>=2.0.1,<3.0.0)

{flwr_nightly-1.14.0.dev20241208.dist-info → flwr_nightly-1.14.0.dev20241210.dist-info}/RECORD

@@ -108,8 +108,10 @@ flwr/client/typing.py,sha256=dxoTBnTMfqXr5J7G3y-uNjqxYCddvxhu89spfj4Lm2U,1048
 flwr/common/__init__.py,sha256=TVaoFEJE158aui1TPZQiJCDZX4RNHRyI8I55VC80HhI,3901
 flwr/common/address.py,sha256=7kM2Rqjw86-c8aKwAvrXerWqznnVv4TFJ62aSAeTn10,3017
 flwr/common/args.py,sha256=-KeQ6AZw1-G4Ifhsg4qlRnWhGH1m_OzUgxH7Z4j_0ns,6222
+flwr/common/auth_plugin/__init__.py,sha256=1Y8Oj3iB49IHDu9tvDih1J74Ygu7k85V9s2A4WORPyA,887
+flwr/common/auth_plugin/auth_plugin.py,sha256=6WEAVVPrS7LgSBpd4WyHYU4EsajT2nBGI_IN3mhYzoU,3567
 flwr/common/config.py,sha256=qC1QvGAGr4faBtg3Y5dWhfyK5FggyWUMjPqg-Rx_FW4,8083
-flwr/common/constant.py,sha256=G1arzDznYIlhUpkrk31-k-pJsRcOuoAoscI6bGe59nE,5792
+flwr/common/constant.py,sha256=-HoTq6u_9VGbva21qTm_vfvQV9cxV7LwsvvlHEBjNwk,5817
 flwr/common/context.py,sha256=uJ-mnoC_8y_udEb3kAX-r8CPphNTWM72z1AlsvQEu54,2403
 flwr/common/date.py,sha256=NHHpESce5wYqEwoDXf09gp9U9l_5Bmlh2BsOcwS-kDM,1554
 flwr/common/differential_privacy.py,sha256=XwcJ3rWr8S8BZUocc76vLSJAXIf6OHnWkBV6-xlIRuw,6106
@@ -152,10 +154,10 @@ flwr/proto/error_pb2.py,sha256=LarjKL90LbwkXKlhzNrDssgl4DXcvIPve8NVCXHpsKA,1084
 flwr/proto/error_pb2.pyi,sha256=ZNH4HhJTU_KfMXlyCeg8FwU-fcUYxTqEmoJPtWtHikc,734
 flwr/proto/error_pb2_grpc.py,sha256=1oboBPFxaTEXt9Aw7EAj8gXHDCNMhZD2VXqocC9l_gk,159
 flwr/proto/error_pb2_grpc.pyi,sha256=ff2TSiLVnG6IVQcTGzb2DIH3XRSoAvAo_RMcvbMFyc0,76
-flwr/proto/exec_pb2.py,sha256=dSxDJm2rRXw7zhV6MTrJJyU51oqMNWDm0JUzVvD86BI,4484
-flwr/proto/exec_pb2.pyi,sha256=xWfRQHFOLAxPqLkAaecihNK5_zlAfqE0NUJuSjPViXw,7145
-flwr/proto/exec_pb2_grpc.py,sha256=z_9Hw-VapmkyfNlAOyvy2xJel1jo6P2oZgduOxnHPeE,7163
-flwr/proto/exec_pb2_grpc.pyi,sha256=VDsnz9vJeweJdKCNyygDqSDfyR6LoHA4mwWViF2f7AI,2000
+flwr/proto/exec_pb2.py,sha256=IVqmpzzThSjuLBCF8T9VofTpnUXtp3SYWOEp8dzyv5o,6883
+flwr/proto/exec_pb2.pyi,sha256=amt-3e3zJVjkRlQ8Gz6m1A7hXyeZmbQhHpAEIQyIDn0,10660
+flwr/proto/exec_pb2_grpc.py,sha256=-bdLqjsqQxK9R8LIiZaKlLKH2NmjR50EaGKTPPTwFhI,10445
+flwr/proto/exec_pb2_grpc.pyi,sha256=M5k-FzeLWxal7zt28LJfzMWWRxmNknTC2BzHRRMa1sQ,2914
 flwr/proto/fab_pb2.py,sha256=3QSDq9pjbZoqVxsmCRDwHO5PrSjzn2vixjYxE-qPmb0,1589
 flwr/proto/fab_pb2.pyi,sha256=fXI108QaFtbl1WWTyslPbIx9c_19D0aYCoFn0xYtL4U,2277
 flwr/proto/fab_pb2_grpc.py,sha256=1oboBPFxaTEXt9Aw7EAj8gXHDCNMhZD2VXqocC9l_gk,159
@@ -192,10 +194,10 @@ flwr/proto/serverappio_pb2.py,sha256=zWnODeaj26oSx98-BFvwtWM_fYvsw9OeSIuV7JnKVvw
 flwr/proto/serverappio_pb2.pyi,sha256=Ib9c32FCtjA9zZY54Ohi6B-DtLgSjokAqOExm_2uOvY,6429
 flwr/proto/serverappio_pb2_grpc.py,sha256=M__pFMmb9yTAGMHVd3_K1V6DeLRuFc9UErJHWjBAsZs,17439
 flwr/proto/serverappio_pb2_grpc.pyi,sha256=ERM-0cQVmUqrVXlvEbS2wfUZpZmv5SlIeNsGZPYMrVo,4779
-flwr/proto/simulationio_pb2.py,sha256=sCJQp_NEJSDtC4EKzyy2yZWtu9z7PGUUFJpLjdA9VUs,3011
+flwr/proto/simulationio_pb2.py,sha256=Fv7m8d4vR_0CIGU93nN5tDXSCk2QPbASH_8mT2wBPTE,3117
 flwr/proto/simulationio_pb2.pyi,sha256=oXx8_FLBe5B54wduZj-f89kub73XxNtQbThuW8YfPAs,2660
-flwr/proto/simulationio_pb2_grpc.py,sha256=-qcd4rOOK-46LcP57oZswqwASpy2_UvMJmJ80OpzuNM,9622
-flwr/proto/simulationio_pb2_grpc.pyi,sha256=Bk4K7MsPpxF6RmIqByySQIXJeJ1pBrU2I19hrKUoFdI,2795
+flwr/proto/simulationio_pb2_grpc.py,sha256=9I3yAfJaeMuG-qH_5Ge45eFOftsIOmL9b8E_xHmcvKw,11232
+flwr/proto/simulationio_pb2_grpc.pyi,sha256=YHvKtyo7UdbBgdhoN0ndzZeB5vIC3JuR5PAJLrl-OKM,3206
 flwr/proto/task_pb2.py,sha256=R5GfHgL8IJRI_qHWNeILl1Y9zHjvB0tnCvMHmTgF4Is,2361
 flwr/proto/task_pb2.pyi,sha256=KJVsLm-THY5QjHreHDm_-OS1tyZyD61mx6BzOpoeMjw,4320
 flwr/proto/task_pb2_grpc.py,sha256=1oboBPFxaTEXt9Aw7EAj8gXHDCNMhZD2VXqocC9l_gk,159
@@ -206,7 +208,7 @@ flwr/proto/transport_pb2_grpc.py,sha256=vLN3EHtx2aEEMCO4f1Upu-l27BPzd3-5pV-u8wPc
 flwr/proto/transport_pb2_grpc.pyi,sha256=AGXf8RiIiW2J5IKMlm_3qT3AzcDa4F3P5IqUjve_esA,766
 flwr/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 flwr/server/__init__.py,sha256=cEg1oecBu4cKB69iJCqWEylC8b5XW47bl7rQiJsdTvM,1528
-flwr/server/app.py,sha256=wes1HI5KJfzPry7bjztQDazn1FIca3CS6kEVM_6LLUY,28872
+flwr/server/app.py,sha256=c9XHwSYuTL3xU9BKEbKeEJ0frWveectLjSr_EA4lnT8,30868
 flwr/server/client_manager.py,sha256=7Ese0tgrH-i-ms363feYZJKwB8gWnXSmg_hYF2Bju4U,6227
 flwr/server/client_proxy.py,sha256=4G-oTwhb45sfWLx2uZdcXD98IZwdTS6F88xe3akCdUg,2399
 flwr/server/compat/__init__.py,sha256=VxnJtJyOjNFQXMNi9hIuzNlZM5n0Hj1p3aq_Pm2udw4,892
@@ -287,7 +289,7 @@ flwr/server/superlink/linkstate/sqlite_linkstate.py,sha256=XWr-2CWZTWCrGdXV_wYBB
 flwr/server/superlink/linkstate/utils.py,sha256=d5uqqIOCKfd54X8CFNfUr3AWqPLpgmzsC_RagRwFugM,13321
 flwr/server/superlink/simulation/__init__.py,sha256=mg-oapC9dkzEfjXPQFior5lpWj4g9kwbLovptyYM_g0,718
 flwr/server/superlink/simulation/simulationio_grpc.py,sha256=5wflYW_TS0mjmPG6OYuHMJwXD2_cYmUNhFkdOU0jMWQ,2237
-flwr/server/superlink/simulation/simulationio_servicer.py,sha256=LsW6Cl8qH_vq04F6CeOp3vBtjTGQn4tATKHfirDmJZQ,5942
+flwr/server/superlink/simulation/simulationio_servicer.py,sha256=riaZm090aTs7o8cFD8gvCWkX7A2SPLXKM4K8MG60av8,6545
 flwr/server/typing.py,sha256=5kaRLZuxTEse9A0g7aVna2VhYxU3wTq1f3d3mtw7kXs,1019
 flwr/server/utils/__init__.py,sha256=pltsPHJoXmUIr3utjwwYxu7_ZAGy5u4MVHzv9iA5Un8,908
 flwr/server/utils/tensorboard.py,sha256=gEBD8w_5uaIfp5aw5RYH66lYZpd_SfkObHQ7eDd9MUk,5466
@@ -310,12 +312,13 @@ flwr/simulation/simulationio_connection.py,sha256=m31L9Iej-61va48E5x-wJypA6p5s82
 flwr/superexec/__init__.py,sha256=fcj366jh4RFby_vDwLroU4kepzqbnJgseZD_jUr_Mko,715
 flwr/superexec/app.py,sha256=Tt3GonnTwHrMmicwx9XaP-crP78-bf4DUWl-N5cG6zY,1841
 flwr/superexec/deployment.py,sha256=7VYmmI12zEaTHp_cQtU1GLikmqhctUHhEdshBPRFHMs,6734
-flwr/superexec/exec_grpc.py,sha256=OuhBAk7hiky9rjGceinLGIXqchtzGPQThZnwyYv6Ei0,2241
-flwr/superexec/exec_servicer.py,sha256=qHWbGRuP702-JxlxFuztGlRdRoNET8G-0m1xwnoZgig,6016
+flwr/superexec/exec_grpc.py,sha256=hG1bxAbwB7Wt7R73931ib_UIcWvY628IIqk5rk3b25o,2896
+flwr/superexec/exec_servicer.py,sha256=jEYcASzkQR1ftjzilmlcTPKXo8NSno9mSj_UbBvMjGM,7467
+flwr/superexec/exec_user_auth_interceptor.py,sha256=K06OU-l4LnYhTDg071hGJuOaQWEJbZsYi5qxUmmtiG0,3704
 flwr/superexec/executor.py,sha256=zH3_53il6Jh0ZscIVEB9f4GNnXMeBbCGyCoBCxLgiG0,3114
 flwr/superexec/simulation.py,sha256=WQDon15oqpMopAZnwRZoTICYCfHqtkvFSqiTQ2hLD_g,4088
-flwr_nightly-1.14.0.dev20241208.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
-flwr_nightly-1.14.0.dev20241208.dist-info/METADATA,sha256=gRPLRI4oVh__pq8EKcawfWKgN8zkz7nB-4QnrtFiWfs,15679
-flwr_nightly-1.14.0.dev20241208.dist-info/WHEEL,sha256=FMvqSimYX_P7y0a7UY-_Mc83r5zkBZsCYPm7Lr0Bsq4,88
-flwr_nightly-1.14.0.dev20241208.dist-info/entry_points.txt,sha256=JlNxX3qhaV18_2yj5a3kJW1ESxm31cal9iS_N_pf1Rk,538
-flwr_nightly-1.14.0.dev20241208.dist-info/RECORD,,
+flwr_nightly-1.14.0.dev20241210.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
+flwr_nightly-1.14.0.dev20241210.dist-info/METADATA,sha256=3DjOUcyJbLgmX8glq_Tt7SV70giiQh5JP39zfpFyLjE,15700
+flwr_nightly-1.14.0.dev20241210.dist-info/WHEEL,sha256=FMvqSimYX_P7y0a7UY-_Mc83r5zkBZsCYPm7Lr0Bsq4,88
+flwr_nightly-1.14.0.dev20241210.dist-info/entry_points.txt,sha256=JlNxX3qhaV18_2yj5a3kJW1ESxm31cal9iS_N_pf1Rk,538
+flwr_nightly-1.14.0.dev20241210.dist-info/RECORD,,