Authentication/Authorization

en_core.auth

This package provides functionality to authenticate/authorize requests sent to Envase services. It also provides classes that can be extended to support other services. The main goal is to provide classes that can be used as targets to the auth parameter in the Requests Library that handle the authentication/authorization process, as well as the refresh of access tokens, so that clients don’t need to worry about those operations.

The package uses pycognito and python-jose (installed by pycognito) to handle access tokens, so using this module requires that you install pycognito as a dependency in your application.

Base Classes

en_core.auth.base

This module provides base classes and general functionality to authorize HTTP requests. Base classes have been designed to be inherited and allow derived classes to implement a specific abstract interface to insure the correct functioning of the base classes.

class Authorizer(client_info)

Base class for Authorization object that implements the callable() interface to support instances to be target of the auth parameter of the exposed functions and Session objects in the Request python library.

This is an ABC (Abstract Base Class) that cannot be directly instantiated. Instead, users should use one of the provided authorizers, or implement their own by deriving from this class.

The class manages the life-time of authorization tokens by providing an abstract interface that derived classes must implement. Derived classes that implement the exposed abstract interface will inherit the functionality to insure that access tokens are retrieve and refreshed as needed.

The class requires the client information to be specified during contruction. Derived classes can extend their contruction to allow additional parameters, but they should initialize the client information parameter.

Parameters

client_info (ClientInfo) – Client information object that contains the id and secret of the client. It can also contain an optional API key.

__call__(request)

This method allows instances of this class to be used as the target to the auth parameter in the Request python library. The function takes the request from the library and adds the Authorization header, as well as the X-Api-Key header if it was provided in the client information.

Parameters

request (Request) –

Request object that will be processed by the Request library.

Returns

Returns the modified request.

property access_token

Provides the current access token. Client applications are not required to access this parameters to send calls. Instead, they will set the object as the value to the auth parameter on their call to Request

abstract authorize()

Derived classes must implement this method to return an object representing authorization token. This authorization token must expose an access_token property/attribute that contains the string value for the access token that will be included in the header.

The value returned by this function will be passed as parameters of the other abstract interface methods.

Returns

An authorization token object that contains the access_token

property client_id

Returns the client id specified in the client information during initialization.

Warning

Do not expose the client secret in this class unless you have a very good reason and you got approval to do it.

abstract expired(token)

This method must be implemented by derived classes to check if the specified token has expired. The function must return True if the token is expired or False otherwise.

abstract refresh(token)

This method must be implemented by derived classes to refresh the current token when the token has expired. The function takes the existing token as parameter, and should return a new refreshed token. The returned token must contain an access_token property.

Data Structures

en_core.auth.data

class ClientInfo(client_id: str, client_secret: str, api_key: str = '')

Data structure that contains the authentication/authorization parameters for a client. The structure also supports an optional api_key for clients that may require it.

Parameters

  • client_id (str) – Client id for authorization.

  • client_secret (str) – Client secret for authorization

  • api_key (str) – Optional API key parameter for clients that might require it.

OAuth2 Support

en_core.auth.oauth2

Documentation for this module coming soon!!!

Todo

Implement and document oauth2 authorization.

SRP Support

en_core.auth.srp

Documentation for this module coming soon!!!

Todo

Implement and document SRP authorization.