aarushiibisht commented on a change in pull request #8: Python SDK for authentication was keycloak and for other admin services URL: https://github.com/apache/airavata-custos/pull/8#discussion_r333634379
########## File path: clients/python/airavata_custos/security/keycloak_connectors.py ########## 
@@ -14,122 +14,157 @@ # See the License for the specific language governing permissions and # limitations under the License. # -import time + from oauthlib.oauth2 import LegacyApplicationClient -from requests_oauthlib import OAuth2Session import requests -from airavata_custos import settings +import configparser +from airavata_custos.settings import IAMSettings +from oauthlib.oauth2 import BackendApplicationClient +from requests_oauthlib import OAuth2Session +from custos.commons.model.security.ttypes import AuthzToken +from urllib.parse import quote +from airavata_custos.security.client_credentials import IdpCredentials, UserCredentials, ClientCredentials class KeycloakBackend(object): - def authenticate_user(self, user_credentials): + def __init__(self, configuration_file_location): + """ + constructor for KeycloakBackend class + :param configuration_file_location: takes the location of the ini file containing server configuration + """ + self.keycloak_settings = IAMSettings() + self._load_settings(configuration_file_location) + + def authenticate_using_user_details(self, user_credentials): """ Method to authenticate a gateway user with keycloak - :param user_credentials: object of UserCredentials class - :return: Token object, UserInfo object + :param user_credentials: object of UserCredentials class. 
To get instance of this class use prepare_user_credentials + :return: openid token, openid user information """ try: token, user_info = self._get_token_and_user_info_password_flow(user_credentials) return token, user_info except Exception as e: return None - def authenticate_account(self, account_credentials): + def prepare_user_credentials(self, client_id, client_secret, username, password): """ - :param account_credentials: object of AccountCredentials class - :return: Token object, UserInfo object + :param client_id: client identifier received after registering the tenant + :param client_secret: client password received after registering the tenant + :param username: username of the user which needs to be authenticated + :param password: password of the user which needs to be authenticated + :return: UserCredentials object + """ + return UserCredentials(client_id, client_secret, username, password) + + def authenticate_using_idp(self, idp_credentials): + """ + + :param idp_credentials: object of IdpCredentials class. 
To get an instance of this class use prepare_idp_credentials + :return: openid token, openid user information """ try: - token, user_info = self._get_token_and_user_info_redirect_flow(account_credentials) + token, user_info = self._get_token_and_user_info_redirect_flow(idp_credentials) return token, user_info except Exception as e: return None - def authenticate_using_refresh_token(self, client_credentials, refresh_token): + def prepare_idp_credentials(self, client_id, client_secret, redirect_uri, idp_alias): + """ + + :param client_id: client identifier received after registering the tenant + :param client_secret: client password received after registering the tenant + :param redirect_uri: URI for the callback entry point of the client + :param idp_alias: name of the idp + :return: object of class IdpCredentials + """ + redirect_uri += '?idp_alias=' + quote(idp_alias) Review comment: Removed ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
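Review bot: Both `authenticate_using_user_details` and `authenticate_using_idp` keep the `except Exception as e: return None` handler, so a rejected password, a TLS or connection failure and a programming error in the token flow all look the same to the caller and leave no record for anyone investigating failed logins. The success path returns a `(token, user_info)` pair while the failure path returns a bare `None`, so a caller that unpacks the result gets a `TypeError` rather than a clean authentication failure. I would narrow the handler to the errors the flow is expected to raise and log the failure type without any credential material, e.g. `except (OAuth2Error, requests.RequestException) as e:` followed by `logger.warning("keycloak authentication failed: %s", type(e).__name__)`, with `OAuth2Error` imported from `oauthlib.oauth2` and a module-level logger added, and let anything else propagate. The quoted hunk stops inside `prepare_idp_credentials`, and the `_get_token_and_user_info_*` helpers are not visible, so the exact exception types they raise should be confirmed against their bodies.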