TokenManagerClient

The TokenManagerClient is a class representing the client of the DIRAC TokenManager service.

class DIRAC.FrameworkSystem.Client.TokenManagerClient.TokenManagerClient(**kwargs)

Bases: Client

Client exposing the TokenManager Service.

__init__(**kwargs)

C’tor.

Parameters:

kwargs – just stored as an attribute and passed when creating the RPCClient

property call

To be removed once we’re sure self.call has been removed

Type:

Deprecated

deleteToken(self, userDN, **kwargs)

Delete a token from the DB

Parameters:

userDN – user DN

Returns:

S_OK()/S_ERROR()

Automatically created for the service function export_deleteToken()

executeRPC(*parms, **kws)

This method extracts some parameters from kwargs that are used as parameter of the constructor or RPCClient. Unfortunately, only a few of all the available parameters of BaseClient are exposed.

Parameters:
  • rpc – if an RPC client is passed, use that one

  • timeout – we can change the timeout on a per call bases. Default is self.timeout

  • url – We can specify which url to use

getClientKWArgs()

Returns a copy of the connection arguments

getServer()

Getter for the server url. Useful ?

getToken(username: str = None, userGroup: str = None, scope: list[str] = None, audience: str = None, identityProvider: str = None, requiredTimeLeft: int = 0, useCache: bool = True)

Get an access token for a user/group

Parameters:
  • username – user name

  • userGroup – group name

  • scope – scope

  • audience – audience

  • identityProvider – identity Provider

  • requiredTimeLeft – required time

  • cacheToken – if True (default) save the token in cache. Otherwise it is not cached but it avoids the lock

Returns:

S_OK(dict)/S_ERROR()

getTokenWithCache(**kwargs)

Get an access token for a user/group keeping the local cache

Parameters:
  • username – user name

  • userGroup – group name

  • scope – scope

  • audience – audience

  • identityProvider – identity Provider

  • requiredTimeLeft – required time

Returns:

S_OK(dict)/S_ERROR()

getTokenWithoutCache(username: str = None, userGroup: str = None, scope: list[str] = None, audience: str = None, identityProvider: str = None, requiredTimeLeft: int = 0)

Get an access token for a user/group without caching it

Parameters:
  • username – user name

  • userGroup – group name

  • scope – scope

  • audience – audience

  • identityProvider – identity Provider

  • requiredTimeLeft – required time

Returns:

S_OK(dict)/S_ERROR()

getTokensByUserID(self, userID, **kwargs)

Retrieve a token from the DB

Parameters:

userID – user’s token id

Returns:

S_OK(list)/S_ERROR() token row in dict format

Automatically created for the service function export_getTokensByUserID()

getUserTokensInfo(self, **kwargs)

Generate information dict about user tokens

Returns:

dict

Automatically created for the service function export_getUserTokensInfo()

getUsersTokensInfo(self, users, **kwargs)

Get the info about the user tokens in the database

Parameters:

users – user names

Returns:

S_OK(list) – return list of tokens dictionaries

Automatically created for the service function export_getUsersTokensInfo()

httpsClient

alias of TornadoClient

setServer(url)

Set the server URL used by default

Parameters:

url – url of the service

updateToken(self, token, userID, provider, rt_expired_in, **kwargs)

Using this method, you can transfer user tokens for storage in the TokenManager.

It is important to note that TokenManager saves only one token per user and, accordingly, the Identity Provider from which it was issued. So when a new token is delegated, keep in mind that the old token will be deleted.

Parameters:
  • token – token

  • userID – user ID

  • provider – provider name

  • rt_expired_in – refresh token expires time (in seconds)

Returns:

S_OK(list)/S_ERROR() – list contain uploaded tokens info as dictionaries

Automatically created for the service function export_updateToken()