iam_client

IAM client for the SKA SRC API Global Execution service.

Module Contents

Classes

IAMClient

A client for the IAM service.

class iam_client.IAMClient(iam_url, client_id, client_secret, scope='openid profile email offline_access', audience=None, global_timeout=30, redis_cache=None)

A client for the IAM service.

CACHE_KEY_TEMPLATE = 'TOKEN_CACHE:{token_type}:{client_id}:{user_name}'
REFRESH_TOKEN_BUFFER_SECONDS
REFRESH_TOKEN_GRANT_TYPE = 'refresh_token'
TOKEN_CACHE_TTL_SECONDS
TOKEN_EXCHANGE_GRANT_TYPE = 'urn:ietf:params:oauth:grant-type:token-exchange'
logger
build_audience(audience)

Build the audience for the token exchange request.

build_client_id(client_id)

Build the client ID for the token exchange request.

build_client_secret(client_secret)

Build the client secret for the token exchange request.

build_payload_and_auth_for_refresh_token(refresh_token, scope, client_id, client_secret, public_client)

Build the payload and authentication for a refresh token request.

build_payload_and_auth_for_token_exchange(subject_token, audience, scope, client_id, client_secret, public_client)

Build the payload and authentication for a token exchange request.

build_scope(scope)

Build the scope for the token exchange request.

async call_token_endpoint(payload, basic_auth)

Call the token endpoint with the given payload and authentication.

async exchange_token(subject_token, audience, scope=None, client_id=None, client_secret=None, public_client=False, refresh_id_token=False)

Exchange a token for another token.

async get_cached_token_or_refresh(key, refresh_id_token=False, public_client=False)

Retrieve a token from the cache.

:param public_client: If True, the client is a public client and should not use client authentication when refreshing tokens.
:param refresh_id_token: Check the expiration of the ID token and refresh the token if the ID token is expiring soon or already expired.
:param key: The cache key to look up the token.
:return: The cached token if it exists and is valid, otherwise None.

The token is considered valid if it has not expired yet.

get_id_token_expiration_time(id_token)

Extract the expiration time from an ID token.
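The expiry check described for `get_cached_token_or_refresh` and `get_id_token_expiration_time`, as an added example that is not the project's own code. The function names, the cached-entry layout (a dict with an `id_token` key) and the 60-second buffer are assumptions; the page lists `REFRESH_TOKEN_BUFFER_SECONDS` without a value.

```python
import base64
import json
import time

# Assumed value; the page does not state REFRESH_TOKEN_BUFFER_SECONDS.
ASSUMED_BUFFER_SECONDS = 60


def id_token_exp(id_token):
    """Return the `exp` claim (epoch seconds) of a JWT, or None if unreadable.

    The signature is NOT verified here: the result is only suitable for
    scheduling a refresh, never for deciding whether to trust the token.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        return None
    payload_b64 = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return None
    return exp


def needs_refresh(cached, now=None, buffer_seconds=ASSUMED_BUFFER_SECONDS):
    """True if the ID token is missing, unreadable, expired or about to expire."""
    now = time.time() if now is None else now
    exp = id_token_exp(cached.get("id_token", ""))
    return exp is None or exp - now <= buffer_seconds


def make_unsigned_jwt(claims):
    """Build a constructed sample token with a dummy signature (demo input only)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    now = 1_700_000_000  # constructed clock value
    fresh = {"id_token": make_unsigned_jwt({"sub": "alice", "exp": now + 3600})}
    stale = {"id_token": make_unsigned_jwt({"sub": "alice", "exp": now + 30})}
    print(needs_refresh(fresh, now), needs_refresh(stale, now))
```

Treating an unreadable or `exp`-less token as needing refresh fails closed: a corrupted cache entry triggers a new token request instead of being served.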

async refresh_token(refresh_token, scope=None, client_id=None, client_secret=None, public_client=False)

Refresh an access token using a refresh token.

async update_cache_with_token_response(cache_key, token_response, ttl=TOKEN_CACHE_TTL_SECONDS)

Update the cache with the new token response.