:py:mod:`iam_client`
====================

.. py:module:: iam_client

.. autoapi-nested-parse::

   IAM client for the SKA SRC API Global Execution service.



Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   iam_client.IAMClient




.. py:class:: IAMClient(iam_url, client_id, client_secret, scope = 'openid profile email offline_access', audience = None, global_timeout = 30, redis_cache = None)


   A client for the IAM service.

   .. py:attribute:: CACHE_KEY_TEMPLATE
      :value: 'TOKEN_CACHE:{token_type}:{client_id}:{user_name}'

      

   .. py:attribute:: REFRESH_TOKEN_BUFFER_SECONDS

      

   .. py:attribute:: REFRESH_TOKEN_GRANT_TYPE
      :value: 'refresh_token'

      

   .. py:attribute:: TOKEN_CACHE_TTL_SECONDS

      

   .. py:attribute:: TOKEN_EXCHANGE_GRANT_TYPE
      :value: 'urn:ietf:params:oauth:grant-type:token-exchange'

      

   .. py:attribute:: logger

      

   .. py:method:: build_audience(audience)

      Build the audience for the token exchange request.


   .. py:method:: build_client_id(client_id)

      Build the client ID for the token exchange request.


   .. py:method:: build_client_secret(client_secret)

      Build the client secret for the token exchange request.


   .. py:method:: build_payload_and_auth_for_refresh_token(refresh_token, scope, client_id, client_secret, public_client)

      Build the payload and authentication for a refresh token request.


   .. py:method:: build_payload_and_auth_for_token_exchange(subject_token, audience, scope, client_id, client_secret, public_client)

      Build the payload and authentication for a token exchange request.


   .. py:method:: build_scope(scope)

      Build the scope for the token exchange request.


   .. py:method:: call_token_endpoint(payload, basic_auth)
      :async:

      Call the token endpoint with the given payload and authentication.


   .. py:method:: exchange_token(subject_token, audience, scope = None, client_id = None, client_secret = None, public_client = False, refresh_id_token = False)
      :async:

      Exchange a token for another token.


   .. py:method:: get_cached_token_or_refresh(key, refresh_id_token = False, public_client = False)
      :async:

      Retrieve a token from the cache.
      :param public_client: If True, the client is a public client and should not use client authentication when refreshing tokens.
      :param refresh_id_token: Check the expiration of the ID token and refresh the token if the ID token is expiring soon or already expired.
      :param key: The cache key to look up the token.
      :return: return the cached token if it exists and is valid, otherwise return None.
       The token is considered valid if it has not expired yet.


   .. py:method:: get_id_token_expiration_time(id_token)

      Extract the expiration time from an ID token.


   .. py:method:: refresh_token(refresh_token, scope = None, client_id = None, client_secret = None, public_client = False)
      :async:

      Refresh an access token using a refresh token.


   .. py:method:: update_cache_with_token_response(cache_key, token_response, ttl = TOKEN_CACHE_TTL_SECONDS)
      :async:

      Update the cache with the new token response.