TokenManagerClient
The TokenManagerClient is a class representing the client of the DIRAC
TokenManager
service.
- class DIRAC.FrameworkSystem.Client.TokenManagerClient.TokenManagerClient(**kwargs)
Bases:
Client
Client exposing the TokenManager Service.
- __init__(**kwargs)
C’tor.
- Parameters:
kwargs – just stored as an attribute and passed when creating the RPCClient
- property call
To be removed once we’re sure self.call has been removed
- Type:
Deprecated
- deleteToken(self, userDN, **kwargs)
Delete a token from the DB
- Parameters:
userDN – user DN
- Returns:
S_OK()/S_ERROR()
Automatically created for the service function
export_deleteToken()
- executeRPC(*parms, **kws)
This method extracts some parameters from kwargs that are used as parameter of the constructor or RPCClient. Unfortunately, only a few of all the available parameters of BaseClient are exposed.
- Parameters:
rpc – if an RPC client is passed, use that one
timeout – we can change the timeout on a per call bases. Default is self.timeout
url – We can specify which url to use
- getClientKWArgs()
Returns a copy of the connection arguments
- getServer()
Getter for the server url. Useful ?
- getToken(username: str = None, userGroup: str = None, scope: list[str] = None, audience: str = None, identityProvider: str = None, requiredTimeLeft: int = 0, useCache: bool = True)
Get an access token for a user/group
- Parameters:
username – user name
userGroup – group name
scope – scope
audience – audience
identityProvider – identity Provider
requiredTimeLeft – required time
cacheToken – if True (default) save the token in cache. Otherwise it is not cached but it avoids the lock
- Returns:
S_OK(dict)/S_ERROR()
- getTokenWithCache(**kwargs)
Get an access token for a user/group keeping the local cache
- Parameters:
username – user name
userGroup – group name
scope – scope
audience – audience
identityProvider – identity Provider
requiredTimeLeft – required time
- Returns:
S_OK(dict)/S_ERROR()
- getTokenWithoutCache(username: str = None, userGroup: str = None, scope: list[str] = None, audience: str = None, identityProvider: str = None, requiredTimeLeft: int = 0)
Get an access token for a user/group without caching it
- Parameters:
username – user name
userGroup – group name
scope – scope
audience – audience
identityProvider – identity Provider
requiredTimeLeft – required time
- Returns:
S_OK(dict)/S_ERROR()
- getTokensByUserID(self, userID, **kwargs)
Retrieve a token from the DB
- Parameters:
userID – user’s token id
- Returns:
S_OK(list)/S_ERROR() token row in dict format
Automatically created for the service function
export_getTokensByUserID()
- getUserTokensInfo(self, **kwargs)
Generate information dict about user tokens
- Returns:
dict
Automatically created for the service function
export_getUserTokensInfo()
- getUsersTokensInfo(self, users, **kwargs)
Get the info about the user tokens in the database
- Parameters:
users – user names
- Returns:
S_OK(list) – return list of tokens dictionaries
Automatically created for the service function
export_getUsersTokensInfo()
- httpsClient
alias of
TornadoClient
- setServer(url)
Set the server URL used by default
- Parameters:
url – url of the service
- updateToken(self, token, userID, provider, rt_expired_in, **kwargs)
Using this method, you can transfer user tokens for storage in the TokenManager.
It is important to note that TokenManager saves only one token per user and, accordingly, the Identity Provider from which it was issued. So when a new token is delegated, keep in mind that the old token will be deleted.
- Parameters:
token – token
userID – user ID
provider – provider name
rt_expired_in – refresh token expires time (in seconds)
- Returns:
S_OK(list)/S_ERROR() – list contain uploaded tokens info as dictionaries
Automatically created for the service function
export_updateToken()