OAUTH and Lookup Utilities¶
This is the documentation for the django-automationoauth
project which provides a pluggable Django
app with common utilities for authenticating requests by interacting with the LOOKUP and OAUTH services.
‘authentication’ module¶
OAuth2 authentication for Django REST Framework views.
-
automationoauthdrf.authentication.
INTROSPECT_SESSION
= <automationoauthclient.AuthenticatedSession object>¶ An authenticated session which introspect tokens
-
class
automationoauthdrf.authentication.
OAuth2TokenAuthentication
¶ Django REST framework authentication which accepts an OAuth2 token as a Bearer token and verifies it via the token introspection endpoint. If verification fails, the token is ignored.
Sets request.auth to the parsed JSON response from the token introspection endpoint.
Sets request.user to a Django user whose username matches the token’s “sub” field (if set).
TODO: Perform some token verification caching.
-
authenticate
(request)¶ Authenticate the request and return a two-tuple of (user, token).
-
authenticate_header
(request)¶ Return a string used to populate the WWW-Authenticate header for a HTTP 401 response.
-
static
validate_token
(token)¶ Helper method which validates a Bearer token and returns the parsed response from the introspection endpoint if the token is valid. If the token is invalid, None is returned.
A valid token must be active, be issued in the past and expire in the future.
-
-
automationoauthdrf.authentication.
user_from_subject
(subject)¶ Return a Django user object given a token subject.
‘lookup’ module¶
Module providing lookup API-related functionality.
-
automationlookup.lookup.
LOOKUP_SESSION
= <automationoauthclient.AuthenticatedSession object>¶ An authenticated session which can access the lookup API
-
exception
automationlookup.lookup.
LookupError
¶ Error raised if
get_person_for_user()
encounters a problem.
-
automationlookup.lookup.
get_person_for_user
(user)¶ Return the resource from Lookup associated with the specified user. A requests package
HTTPError
is raised if the request fails.The result of this function call is cached based on the username so it is safe to call this multiple times.
If user is the anonymous user (user.is_anonymous is True),
UserIsAnonymousError
is raised.
‘models’ module¶
-
class
automationlookup.models.
UserLookup
(*args, **kwargs)¶ A mapping from Django users to lookup schemes and identifiers.
-
exception
DoesNotExist
¶
-
exception
MultipleObjectsReturned
¶
-
identifier
¶ The lookup identifier identifier property for the user
-
scheme
¶ The lookup identifier scheme property for the user
-
user
¶ The corresponding user. Since each use only has one token identity, this is a OneToOneField.
-
exception
‘oauth2client’ module¶
The automationoauthclient.oauth2client
module provides a wrapper around
requests.Session
which is pre-authorised with an OAuth2 client token.
-
class
automationoauthclient.__init__.
AuthenticatedSession
(scopes)¶ Maintain an authenticated session as a particular OAuth2 client. The client id and secret, OAUTH2_CLIENT_ID & OAUTH2_CLIENT_SECRET, are specified in the README.md.
Parameters: scopes (sequence) – A sequence of strings specifying the scopes which should be requested for the token. -
request
(*args, **kwargs)¶ A version of
requests.request()
which is authenticated with the OAuth2 token for this client. If the token has timed out, it is requested again.
-