Clients

class DIRAC.FrameworkSystem.private.authorization.utils.Clients.Client(params)

Bases: OAuth2ClientMixin

This class describes the OAuth2 client.

__init__(params)

Constructor

Parameters:

params (dict) – client parameters

check_client_secret(client_secret)

Check that the given client_secret matches the one stored for the client. For instance, in the client table, the column is called client_secret:

import secrets

def check_client_secret(self, client_secret):
    return secrets.compare_digest(self.client_secret, client_secret)

Parameters:

client_secret – A string of client secret

Returns:

bool

check_endpoint_auth_method(method, endpoint)

Check whether the client supports the given method for the given endpoint. There is a token_endpoint_auth_method defined via RFC7591. Developers MAY re-implement this method with:

def check_endpoint_auth_method(self, method, endpoint):
    if endpoint == 'token':
        # if client table has ``token_endpoint_auth_method``
        return self.token_endpoint_auth_method == method
    return True

Method values defined by this specification are:

  • “none”: The client is a public client as defined in OAuth 2.0, and does not have a client secret.

  • “client_secret_post”: The client uses the HTTP POST parameters as defined in OAuth 2.0

  • “client_secret_basic”: The client uses HTTP Basic as defined in OAuth 2.0

check_grant_type(grant_type)

Validate if the client can handle the given grant_type. There are four grant types defined by RFC6749:

  • authorization_code

  • implicit

  • client_credentials

  • password

For instance, there is an allowed_grant_types column in your client:

def check_grant_type(self, grant_type):
    return grant_type in self.grant_types

Parameters:

grant_type – the requested grant_type string.

Returns:

bool

check_redirect_uri(redirect_uri)

Validate redirect_uri parameter in Authorization Endpoints. For instance, in the client table, there is an allowed_redirect_uris column:

def check_redirect_uri(self, redirect_uri):
    return redirect_uri in self.allowed_redirect_uris

Parameters:

redirect_uri – A URL string for redirecting.

Returns:

bool
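
An added example, not DIRAC or Authlib code: a hypothetical DemoClient that mirrors check_client_secret, check_endpoint_auth_method and check_redirect_uri above and handles cases the one-line versions leave open (a missing or non-ASCII secret, on which compare_digest raises TypeError, an expired client_secret_expires_at, and a redirect URI that only extends a registered one). All sample values are constructed.

```python
import secrets
import time


class DemoClient:
    """Hypothetical stand-in for a client row; not the DIRAC or Authlib class."""

    def __init__(self, client_secret, redirect_uris,
                 token_endpoint_auth_method="client_secret_basic",
                 client_secret_expires_at=0):
        self.client_secret = client_secret
        self.redirect_uris = list(redirect_uris)
        self.token_endpoint_auth_method = token_endpoint_auth_method
        self.client_secret_expires_at = client_secret_expires_at

    def check_client_secret(self, client_secret, now=None):
        # Public clients ("none") store no secret: empty must never match empty.
        if not self.client_secret or not client_secret:
            return False
        # RFC 7591: client_secret_expires_at == 0 means the secret never expires.
        expires = self.client_secret_expires_at
        if expires and (time.time() if now is None else now) >= expires:
            return False
        # compare_digest raises TypeError on non-ASCII str, so compare bytes.
        return secrets.compare_digest(self.client_secret.encode("utf-8"),
                                      client_secret.encode("utf-8"))

    def check_endpoint_auth_method(self, method, endpoint):
        if endpoint == "token":
            return self.token_endpoint_auth_method == method
        return True

    def check_redirect_uri(self, redirect_uri):
        # Exact string match only: no prefix, substring or host-only comparison.
        return redirect_uri in self.redirect_uris


def demo():
    """Run the checks on constructed sample values and return the results."""
    c = DemoClient("s3cr\u00e9t", ["https://app.example/cb"],
                   client_secret_expires_at=2000)
    return {
        "good_secret": c.check_client_secret("s3cr\u00e9t", now=1000),
        "expired": c.check_client_secret("s3cr\u00e9t", now=3000),
        "empty": c.check_client_secret("", now=1000),
        "exact_uri": c.check_redirect_uri("https://app.example/cb"),
        "longer_uri": c.check_redirect_uri("https://app.example/cb/extra"),
        "wrong_method": c.check_endpoint_auth_method("client_secret_post", "token"),
    }
```
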

check_response_type(response_type)

Validate if the client can handle the given response_type. There are two response types defined by RFC6749: code and token. For instance, there is an allowed_response_types column in your client:

def check_response_type(self, response_type):
    return response_type in self.response_types

Parameters:

response_type – the requested response_type string.

Returns:

bool

check_token_endpoint_auth_method(method)
client_id = Column(None, String(length=48), table=None)
client_id_issued_at = Column(None, Integer(), table=None, nullable=False, default=ScalarElementColumnDefault(0))
property client_info

Implementation for Client Info in OAuth 2.0 Dynamic Client Registration Protocol via Section 3.2.1.

property client_metadata
property client_name
client_secret = Column(None, String(length=120), table=None)
client_secret_expires_at = Column(None, Integer(), table=None, nullable=False, default=ScalarElementColumnDefault(0))
property client_uri
property contacts
get_allowed_scope(scope)

Get allowed scope. Has been slightly modified to accommodate parametric scopes.

Parameters:

scope (str) – requested scope

Returns:

str – scopes

get_client_id()

A method to return the client_id of the client. For instance, the value in the database is saved in a column called client_id:

def get_client_id(self):
    return self.client_id

Returns:

string

get_default_redirect_uri()

A method to get the client's default redirect_uri. For instance, the database table for the client has a column called default_redirect_uri:

def get_default_redirect_uri(self):
    return self.default_redirect_uri

Returns:

A URL string

property grant_types
property jwks
property jwks_uri
property logo_uri
property policy_uri
property redirect_uris
property response_types
property scope
set_client_metadata(value)
property software_id
property software_version
property token_endpoint_auth_method
property tos_uri
DIRAC.FrameworkSystem.private.authorization.utils.Clients.getDIRACClients()

Get DIRAC authorization clients

Returns:

S_OK(dict)/S_ERROR()