aarushiibisht commented on a change in pull request #8: Python SDK for
authentication was keycloak and for other admin services
URL: https://github.com/apache/airavata-custos/pull/8#discussion_r333634379
##########
File path: clients/python/airavata_custos/security/keycloak_connectors.py
##########
@@ -14,122 +14,157 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
-import time
+
from oauthlib.oauth2 import LegacyApplicationClient
-from requests_oauthlib import OAuth2Session
import requests
-from airavata_custos import settings
+import configparser
+from airavata_custos.settings import IAMSettings
+from oauthlib.oauth2 import BackendApplicationClient
+from requests_oauthlib import OAuth2Session
+from custos.commons.model.security.ttypes import AuthzToken
+from urllib.parse import quote
+from airavata_custos.security.client_credentials import IdpCredentials,
UserCredentials, ClientCredentials
class KeycloakBackend(object):
- def authenticate_user(self, user_credentials):
+ def __init__(self, configuration_file_location):
+ """
+ constructor for KeycloakBackend class
+ :param configuration_file_location: takes the location of the ini file
containing server configuration
+ """
+ self.keycloak_settings = IAMSettings()
+ self._load_settings(configuration_file_location)
+
+ def authenticate_using_user_details(self, user_credentials):
"""
Method to authenticate a gateway user with keycloak
- :param user_credentials: object of UserCredentials class
- :return: Token object, UserInfo object
+ :param user_credentials: object of UserCredentials class. To get
instance of this class use prepare_user_credentials
+ :return: openid token, openid user information
"""
try:
token, user_info =
self._get_token_and_user_info_password_flow(user_credentials)
return token, user_info
except Exception as e:
return None
- def authenticate_account(self, account_credentials):
+ def prepare_user_credentials(self, client_id, client_secret, username,
password):
"""
- :param account_credentials: object of AccountCredentials class
- :return: Token object, UserInfo object
+ :param client_id: client identifier received after registering the
tenant
+ :param client_secret: client password received after registering the
tenant
+ :param username: username of the user which needs to be authenticated
+ :param password: password of the user which needs to be authenticated
+ :return: UserCredentials object
+ """
+ return UserCredentials(client_id, client_secret, username, password)
+
+ def authenticate_using_idp(self, idp_credentials):
+ """
+
+ :param idp_credentials: object of IdpCredentials class. To get an
instance of this class use prepare_idp_credentials
+ :return: openid token, openid user information
"""
try:
- token, user_info =
self._get_token_and_user_info_redirect_flow(account_credentials)
+ token, user_info =
self._get_token_and_user_info_redirect_flow(idp_credentials)
return token, user_info
except Exception as e:
return None
- def authenticate_using_refresh_token(self, client_credentials,
refresh_token):
+ def prepare_idp_credentials(self, client_id, client_secret, redirect_uri,
idp_alias):
+ """
+
+ :param client_id: client identifier received after registering the
tenant
+ :param client_secret: client password received after registering the
tenant
+ :param redirect_uri: URI for the callback entry point of the client
+ :param idp_alias: name of the idp
+ :return: object of class IdpCredentials
+ """
+ redirect_uri += '?idp_alias=' + quote(idp_alias)
Review comment:
Removed
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
