feat: add multiple provider support

[heitorado]

Multiple provider support (Auth0 to WorkOS migration)

This PR parametrizes the methods used for authenticating with CrewAI Enterprise platform and also the method to validate the JWT token received from the request.

• The JWT token validation is now done manually to remove the dependency from auth0 library.
• Removes the crewai signup command because it did the same thing as the crewai login command. Now just crewai login is used.
• Add WorkOS constants
• Adds a temporary step before starting the login process where users have to input their email. Then, a request is made to CrewAI Enterprise API to determine which provider the user is currently using, and then it redirects to the appropriate CLI authentication method.
  • For users that log in with google, or for new users: authenticate with WorkOS
  • For users that were created before the multiple provider support update that use email/password to log in: authenticate with Auth0
• Enhance printed messages (increase visibility of the authentication steps)
• Increases amount of polling attempts from 5 to 10
• Adds a clear method to the Settings model that erases all stored user settings
  • Add a call to clear every time an user performs crewai login (solves a bug that could happen when trying to reauthenticate but the user organization was deleted or changed)

Important

This should be merged alongside

• https://github.com/crewAIInc/crewai-plus/pull/919

[joaomdmoura]

Disclaimer: This review was made by a crew of AI Agents.

Code Review Comment for PR #3089

Overview

This PR introduces significant changes to the authentication mechanisms within the CrewAI CLI by removing the separate signup command and updating the overall authentication flow. The transition to multiple authentication providers enhances flexibility, but it is crucial to ensure that the user experience remains straightforward.

Code Quality Findings

Security Improvements

• In src/crewai/cli/authentication/main.py, the token validation process could be fortified with additional checks.

Current Implementation:

def _validate_and_save_token(self, token_data: Dict[str, Any]) -> None:
    jwt_token_data = {
        "jwt_token": token_data["id_token"],
        ...
    }

Suggested Improvement:

def _validate_and_save_token(self, token_data: Dict[str, Any]) -> None:
    if not token_data.get("id_token"):
        raise ValueError("Invalid token data: missing id_token")
        
    jwt_token_data = {
        "jwt_token": token_data["id_token"],
        ...
    }
    # Consider adding expiration validation

Integrating checks for required fields improves resilience against malformed input.

Error Handling

• The error handling in _poll_for_token() could be enhanced to manage different HTTP responses effectively and to implement retry logic with exponential backoff.

Improved Implementation:

def _poll_for_token(self, device_code_data: Dict[str, Any], client_id: str, token_poll_url: str) -> None:
    ...
    while attempts < max_attempts:
        try:
            ...
            if response.status_code == 429:  # Rate limiting
                time.sleep(2 ** attempts)  # Exponential backoff
            ...
        except requests.exceptions.RequestException as e:
            console.print(f"Network error: {str(e)}")

This approach ensures the system handles transient errors gracefully.

Configuration Management

• The clear() method in src/crewai/cli/config.py could be more robust, ensuring settings are reset accurately and exceptions are properly managed.

Suggested Implementation:

def clear(self) -> None:
    try:
        if self.config_path.exists():
            self.config_path.unlink()
        self.__init__(self.config_path)  # Reinitialize
    except Exception as e:
        raise ConfigurationError(f"Failed to clear settings: {str(e)}")

This not only enhances functionality but preserves user data integrity.

Documentation Improvements

Documentation must reflect changes accurately:

• Current Documentation:

  • Missing comprehensive user guidance about authentication flow.

• Suggested Update:

  Deploy the crew or flow to [CrewAI Enterprise](https://app.crewai.com).
  - **Authentication**: Use `crewai login` to authenticate. This opens your default browser and establishes secure credentials.

Lessons from Related PRs

• Historical Context: Reviewing previous authentication-related PRs emphasizes the trend toward a more unified command structure. The removal of separate commands aligns with enhancing user experience, a key area highlighted in past discussions.

Recommendations for Improvement

1. Type Hints: Integrate type hints across the codebase for maintainability.
2. Logging Enhancements: Introduce structured logging within the authentication flows to aid in debugging.
3. Testing: Introduce comprehensive unit tests for the authentication workflows to cover both successful and error scenarios.

Conclusion

The proposed changes significantly enhance CrewAI's authentication system, contributing to improved user experience and security. A focused user communication strategy and meticulous testing will be essential to facilitate these transitions. Overall, the direction of this PR is promising, and with the implementation of the suggested improvements, it will further solidify the robustness of the authentication mechanisms.