Skip to content

Feature: Add support for authenticating the Jamf collector with API client#7

Open
d3vzer0 wants to merge 12 commits into
mainfrom
feature/clientauth
Open

Feature: Add support for authenticating the Jamf collector with API client#7
d3vzer0 wants to merge 12 commits into
mainfrom
feature/clientauth

Conversation

@d3vzer0
Copy link
Copy Markdown
Collaborator

@d3vzer0 d3vzer0 commented May 26, 2026
edited
Loading

Description

This PR adds two auth methods for the Jamf collector:

  • Client/secret based authentication
  • Username/password based authentication

This does introduce a breaking change. Previously the credentials were configured as follows:

[sources.source.jamf]
username = ...
password = ...
host = ...

This update requires the config (secrets.toml) to be set as:

# For user/password auth
[sources.source.jamf.credentials]
username = ...
password = ...
host = ...

# For client based auth
[sources.source.jamf.credentials]
client_id = ...
client_secret = ...
host = ...

Motivation and Context

This adds support for different authentication methods.

Resolves: BED-2617

How Has This Been Tested?

  • Ran collection, preprocessing an conversion for the Jamf tenant. Compared the count of unique nodes/edges based on a collection dataset before this change and after this change.

Types of changes

  • Chore (a change that does not modify the application functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Based on: #6

@d3vzer0 d3vzer0 requested a review from Copilot May 26, 2026 21:27
Copilot AI reviewed May 26, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new authentication layer for the Jamf collector so it can authenticate either via username/password or via OAuth client credentials, and wires that into the DLT REST client used by the collector.

Changes:

  • Introduces JamfPasswordCredentials and JamfClientCredentials plus a JamfAuth request auth handler.
  • Updates the Jamf DLT source() signature to take a single credentials object and uses it to configure the REST client (base URL + auth).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
src/openhound_jamf/source.py Switches the DLT source to accept unified credentials and uses JamfAuth for request authentication.
src/openhound_jamf/auth.py Adds credential models for password/client auth and implements token acquisition + request header injection.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/openhound_jamf/source.py
Comment thread src/openhound_jamf/auth.py Outdated
Comment thread src/openhound_jamf/auth.py
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@d3vzer0