OAUTH and Lookup Utilities¶

This is the documentation for the django-automationoauth project which provides a pluggable Django app with common utilities for authenticating requests by interacting with the LOOKUP and OAUTH services.

‘authentication’ module¶

OAuth2 authentication for Django REST Framework views.

automationoauthdrf.authentication.INTROSPECT_SESSION = <automationoauthclient.AuthenticatedSession object>¶: An authenticated session which introspect tokens

class automationoauthdrf.authentication.OAuth2TokenAuthentication¶

Django REST framework authentication which accepts an OAuth2 token as a Bearer token and verifies it via the token introspection endpoint. If verification fails, the token is ignored.

Sets request.auth to the parsed JSON response from the token introspection endpoint.

Sets request.user to a Django user whose username matches the token’s “sub” field (if set).

TODO: Perform some token verification caching.

authenticate(request)¶: Authenticate the request and return a two-tuple of (user, token).

authenticate_header(request)¶: Return a string used to populate the WWW-Authenticate header for a HTTP 401 response.

static validate_token(token)¶

Helper method which validates a Bearer token and returns the parsed response from the introspection endpoint if the token is valid. If the token is invalid, None is returned.

A valid token must be active, be issued in the past and expire in the future.

automationoauthdrf.authentication.user_from_subject(subject)¶: Return a Django user object given a token subject.

‘lookup’ module¶

Module providing lookup API-related functionality.

automationlookup.lookup.LOOKUP_SESSION = <automationoauthclient.AuthenticatedSession object>¶: An authenticated session which can access the lookup API

exception automationlookup.lookup.LookupError¶: Error raised if get_person_for_user() encounters a problem.

automationlookup.lookup.get_person_for_user(user)¶

Return the resource from Lookup associated with the specified user. A requests package HTTPError is raised if the request fails.

The result of this function call is cached based on the username so it is safe to call this multiple times.

If user is the anonymous user (user.is_anonymous is True), UserIsAnonymousError is raised.

‘models’ module¶

class automationlookup.models.UserLookup(*args, **kwargs)¶

A mapping from Django users to lookup schemes and identifiers.

exception DoesNotExist¶

exception MultipleObjectsReturned¶

identifier¶: The lookup identifier identifier property for the user

scheme¶: The lookup identifier scheme property for the user

user¶: The corresponding user. Since each use only has one token identity, this is a OneToOneField.

‘oauth2client’ module¶

The automationoauthclient.oauth2client module provides a wrapper around requests.Session which is pre-authorised with an OAuth2 client token.

class automationoauthclient.__init__.AuthenticatedSession(scopes)¶

Maintain an authenticated session as a particular OAuth2 client. The client id and secret, OAUTH2_CLIENT_ID & OAUTH2_CLIENT_SECRET, are specified in the README.md.

Parameters:	scopes (sequence) – A sequence of strings specifying the scopes which should be requested for the token.

request(*args, **kwargs)¶: A version of requests.request() which is authenticated with the OAuth2 token for this client. If the token has timed out, it is requested again.