OAuth2IdProvider
IdProvider based on OAuth2 protocol
- class DIRAC.Resources.IdProvider.OAuth2IdProvider.OAuth2IdProvider(**kwargs)
Bases: OAuth2Session
Base class to describe the configuration of the OAuth2 client of the corresponding provider.
- DEFAULT_METADATA = {}
- JWKS_REFRESH_RATE = 86400
- METADATA_REFRESH_RATE = 86400
- __init__(**kwargs)
Initialization
- deviceAuthorization(group=None)
Authorization through DeviceCode flow
- exchangeToken(accessToken, group=None, scope=None)
Get new tokens for group scope
- fetchJWKs(**kwargs)
Fetch JWKs
- fetchToken(**kwargs)
Fetch token
- Returns:
dict
- fetch_metadata(**kwargs)
Fetch metadata
- getJWKs()
Get JWKs
- getUserGroups(accessToken)
Get user groups
- getUserProfile(accessToken)
Get user profile
- Parameters:
accessToken (str)
- Returns:
S_OK()/S_ERROR()
- parseAuthResponse(response, session=None)
Make user info dict:
- refreshToken(**kwargs)
Refresh token
- researchGroup(payload=None, token=None)
Deprecated: Use getUserProfile instead
- revokeToken(token=None, tokenTypeHint='refresh_token')
Revoke token
- setParameters(parameters: dict)
Set parameters
- Parameters:
parameters (dict) – parameters of the identity Provider
- submitDeviceCodeAuthorizationFlow(group=None)
Submit authorization flow
- Returns:
S_OK(dict)/S_ERROR() – dictionary with device code flow response
- submitNewSession(pkce=True)
Submit new authorization session
- Parameters:
pkce (bool) – use PKCE
- Returns:
S_OK(str)/S_ERROR()
- verifyToken(accessToken)
Verify access token
- waitFinalStatusOfDeviceCodeAuthorizationFlow(deviceCode, interval=5, timeout=300)
Submit a waiting loop process that monitors the status of the current authorization session
- class DIRAC.Resources.IdProvider.OAuth2IdProvider.OAuth2Session(client_id=None, client_secret=None, token_endpoint_auth_method=None, revocation_endpoint_auth_method=None, scope=None, state=None, redirect_uri=None, token=None, token_placement='header', update_token=None, leeway=60, default_timeout=None, **kwargs)
Bases: OAuth2Session
Authlib does not yet know about the token exchange flow (https://github.com/lepture/authlib/tree/master/authlib/oauth2/rfc8693),
so we will add auxiliary methods to implement this flow.
- exchange_token(url, subject_token=None, subject_token_type=None, body='', auth=None, headers=None, **kwargs)
Exchange a new access token
- Parameters:
url – Exchange Token endpoint, must be HTTPS.
subject_token (str) – subject_token
subject_token_type (str) – token type https://tools.ietf.org/html/rfc8693#section-3
body – Optional application/x-www-form-urlencoded body to include in the token request. Prefer kwargs over body.
refresh_token (str) – refresh token
access_token (str) – access token
auth – An auth tuple or method as accepted by requests.
headers – Dict to default request headers with.
- Returns:
An OAuth2Token object (a dict too).
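The form body that an RFC 8693 token exchange request carries, and the HTTPS check on the endpoint noted above, shown as an added example that is not DIRAC's or Authlib's own code. `build_exchange_request` is a hypothetical helper, the default token type is an assumption, and the URL, token, audience and scope values are constructed.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

# Identifiers defined by RFC 8693, sections 2.1 and 3
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
TOKEN_TYPES = {
    "urn:ietf:params:oauth:token-type:" + name
    for name in ("access_token", "refresh_token", "id_token", "saml1", "saml2", "jwt")
}


def build_exchange_request(url, subject_token, subject_token_type=None, scope=None, body=""):
    """Hypothetical helper: return (url, form_body) for an RFC 8693 token exchange."""
    # Assumption: treat the subject token as an access token when no type is given
    subject_token_type = subject_token_type or "urn:ietf:params:oauth:token-type:access_token"
    parts = urlsplit(url)
    # The subject token travels in the request body, so refuse cleartext endpoints
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("token exchange endpoint must be an https:// URL")
    if not subject_token:
        raise ValueError("subject_token is required")
    if subject_token_type not in TOKEN_TYPES:
        raise ValueError("unknown subject_token_type: %r" % subject_token_type)
    # Start from the optional pre-encoded body, then let explicit arguments win,
    # so a stray grant_type in body cannot change the flow being requested
    params = dict(parse_qsl(body, keep_blank_values=True))
    params.update(
        grant_type=GRANT_TYPE,
        subject_token=subject_token,
        subject_token_type=subject_token_type,
    )
    if scope:
        params["scope"] = scope if isinstance(scope, str) else " ".join(scope)
    return url, urlencode(params)


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real provider
    endpoint, form = build_exchange_request(
        "https://idp.example.org/token",
        "constructed-access-token",
        scope=["openid", "profile"],
        body="audience=constructed-audience&grant_type=client_credentials",
    )
    print(endpoint)
    print(form)
```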