authentication_handlers
Authentication source for Bitfount services.
Classes
APIKeysHandler
class APIKeysHandler(api_key_id: str, api_key: str, username: str):Authenticate a user with API Keys.
Ancestors
Variables
am_request_headers- Header for authenticating with access manager.
-
authenticated : bool- Checks the user is authenticated.This class is using API keys which cannot be checked in a meaningful way locally.
hub_request_headers- Header for authenticating with hub.
message_service_request_metadata : list- Metadata for authenticating with message service.
-
username : str- Authenticated user's username.In the case of API keys we have relied on the user providing this. If it's incorrect then their API calls will fail, but we can't meaningfully check this locally.
Methods
authenticate
def authenticate(self) ‑> None:Authenticates the user.
We're using API keys here which are valid from creation. They do not require any additional interaction from the user here.
AuthenticationHandler
class AuthenticationHandler(username: str):Abstract Authentication Handler for use with BitfountSessions.
Variables
am_request_headers : dict- HTTP Request headers for authenticating with the Access Manager.
-
authenticated : bool- Whether the handler currently has valid authentication.Some authentication methods are valid from creation, others may need refreshing intermittently.
hub_request_headers : dict- HTTP Request headers for authenticating with the Hub.
message_service_request_metadata : list- Metadata used to authenticate with the message service.
username : str- Authenticated user's username.
Methods
authenticate
def authenticate(self) ‑> None:Retrieve a valid method for authentication if managed externally.
If the authentication mechanism requires interaction with an external party, or the authentication expires, then this is the method that should be used to retrieve new authentication materials for communicating with Bitfount services.
DeviceCodeFlowHandler
class DeviceCodeFlowHandler( auth_domain: str = 'auth.bitfount.com', client_id: str = '8iCJ33Kp6hc9ofrXTzr5GLxMRHWrlzZO', scopes: str = 'profile openid offline_access', audience: str = 'https://hub.bitfount.com/api', username: str = '_default',):Manages token retrieval and refresh for interactions with Bitfount.
Extends requests.Session, appending an access token to the
authorization of any requests made if an access token is present
When the token expires it will request a new token prior to sending the web request.
Attributes
access_token_expires_at: The time at which the access token expires.device_code: The device code returned by the Bitfount API.device_code_arrival_time: The time at which the device code was issued.id_token: The ID token returned by the Bitfount API.refresh_token: The refresh token returned by the Bitfount API.token_file: The path to the file where the token is stored.token_request_interval: The time between token requests.
Ancestors
Variables
am_request_headers : dict- Header for authenticating with access manager.
-
authenticated : bool- Whether the access token is valid.Returns: True if the token is valid
hub_request_headers : dict- Header for authenticating with hub.
message_service_request_metadata : list- Metadata for authenticating with message service.
username : str- Username of the authenticated user.
Methods
authenticate
def authenticate(self) ‑> None:Authenticates user to allow protected requests.
Prompts the user to login/authenticate and stores the tokens to use them in future requests.
Raises
AssertionError: If user storage path corresponds to a different username from the BitfountSession.ConnectionError: If a token cannot be retrieved.
ExternallyManagedJWTHandler
class ExternallyManagedJWTHandler( jwt: str, expires: datetime, get_token: Callable[[], tuple[str, datetime]], username: str,):Authenticates user via JWT from an external source.
This can provide a JWT to the BitfountSession that is managed
by another application.
The Bitfount library hands responsibility for management of the
token to the external source.
Whenever a new token is needed it makes a call to the get_token
hook which provides one.
Ancestors
Variables
am_request_headers : dict- Header for authenticating with access manager.
authenticated : bool- Whether the token is still valid.
hub_request_headers : dict- Header for authenticating with hub.
message_service_request_metadata : list- Metadata for authenticating with message service.
username : str- Username of authenticated user.
Methods
authenticate
def authenticate(self) ‑> None:Retrieves a token from the token source.
Calls the hook provided on object creation to retrieve a new token.