Clients
- class DIRAC.FrameworkSystem.private.authorization.utils.Clients.Client(params)
Bases:
OAuth2ClientMixin
This class describes the OAuth2 client.
- check_client_secret(client_secret)
Check client_secret matching with the client. For instance, in the client table, the column is called
client_secret
:import secrets def check_client_secret(self, client_secret): return secrets.compare_digest(self.client_secret, client_secret)
- Parameters:
client_secret – A string of client secret
- Returns:
bool
- check_endpoint_auth_method(method, endpoint)
Check if client support the given method for the given endpoint. There is a
token_endpoint_auth_method
defined via RFC7591. Developers MAY re-implement this method with:def check_endpoint_auth_method(self, method, endpoint): if endpoint == 'token': # if client table has ``token_endpoint_auth_method`` return self.token_endpoint_auth_method == method return True
Method values defined by this specification are:
- “none”: The client is a public client as defined in OAuth 2.0,
and does not have a client secret.
- “client_secret_post”: The client uses the HTTP POST parameters
as defined in OAuth 2.0
- “client_secret_basic”: The client uses HTTP Basic as defined in
OAuth 2.0
- check_grant_type(grant_type)
Validate if the client can handle the given grant_type. There are four grant types defined by RFC6749:
authorization_code
implicit
client_credentials
password
For instance, there is a
allowed_grant_types
column in your client:def check_grant_type(self, grant_type): return grant_type in self.grant_types
- Parameters:
grant_type – the requested grant_type string.
- Returns:
bool
- check_redirect_uri(redirect_uri)
Validate redirect_uri parameter in Authorization Endpoints. For instance, in the client table, there is an
allowed_redirect_uris
column:def check_redirect_uri(self, redirect_uri): return redirect_uri in self.allowed_redirect_uris
- Parameters:
redirect_uri – A URL string for redirecting.
- Returns:
bool
- check_response_type(response_type)
Validate if the client can handle the given response_type. There are two response types defined by RFC6749: code and token. For instance, there is a
allowed_response_types
column in your client:def check_response_type(self, response_type): return response_type in self.response_types
- Parameters:
response_type – the requested response_type string.
- Returns:
bool
- check_token_endpoint_auth_method(method)
- client_id = Column(None, String(length=48), table=None)
- client_id_issued_at = Column(None, Integer(), table=None, nullable=False, default=ScalarElementColumnDefault(0))
- property client_info
Implementation for Client Info in OAuth 2.0 Dynamic Client Registration Protocol via Section 3.2.1.
- property client_metadata
- property client_name
- client_secret = Column(None, String(length=120), table=None)
- client_secret_expires_at = Column(None, Integer(), table=None, nullable=False, default=ScalarElementColumnDefault(0))
- property client_uri
- property contacts
- get_allowed_scope(scope)
Get allowed scope. Has been slightly modified to accommodate parametric scopes.
- Parameters:
scope (str) – requested scope
- Returns:
str – scopes
- get_client_id()
A method to return client_id of the client. For instance, the value in database is saved in a column called
client_id
:def get_client_id(self): return self.client_id
- Returns:
string
- get_default_redirect_uri()
A method to get client default redirect_uri. For instance, the database table for client has a column called
default_redirect_uri
:def get_default_redirect_uri(self): return self.default_redirect_uri
- Returns:
A URL string
- property grant_types
- property jwks
- property jwks_uri
- property logo_uri
- property policy_uri
- property redirect_uris
- property response_types
- property scope
- set_client_metadata(value)
- property software_id
- property software_version
- property token_endpoint_auth_method
- property tos_uri
- DIRAC.FrameworkSystem.private.authorization.utils.Clients.getDIRACClients()
Get DIRAC authorization clients
- Returns:
S_OK(dict)/S_ERROR()