Skip to main content

Python library for retrieving Keycloak access tokens interactively

Project description

Build status License Code coverage CodeQL PyPI

obi-auth

obi-auth is a library for retrieving Keycloak access tokens interactively. It helps developers and testers quickly authenticate against Keycloak without writing scripts or configuring complex clients.

[!CAUTION] obi-auth is designed to be used interactively and should not be used within a service or application.

Installation

Basic Installation

pip install obi-auth

Notebook Support

For enhanced Jupyter notebook support with Rich display integration:

pip install obi-auth[notebook]

This installs rich which provides better rendering in Jupyter notebooks.

Examples

from obi_auth import get_token

access_token = get_token(environment="staging")

CLI

After installation, the obi-auth command is available. Run obi-auth --help for the full list of commands and options.

get-token

Authenticate and print the access token to stdout. Output is a single token string, suitable for piping into other commands.

obi-auth get-token
obi-auth get-token -e production -m daf
obi-auth get-token --force-refresh
Option Description
-e, --environment Target environment: staging (default) or production
-m, --auth-mode Authentication method: pkce (default) or daf
--force-refresh Clear the cached token and authenticate again

decode-token

Decode a JWT and print the payload as indented JSON. Pass the token as an argument or via stdin.

obi-auth decode-token eyJhbGciOi...
obi-auth get-token | obi-auth decode-token
obi-auth get-token | obi-auth decode-token | jq -r '.sub'

get-user-info

Authenticate, fetch user info from Keycloak, and print the result as indented JSON.

obi-auth get-user-info
obi-auth get-user-info -e production -m daf
obi-auth get-user-info --force-refresh
obi-auth get-user-info | jq -r '.sub'
Option Description
-e, --environment Target environment: staging (default) or production
-m, --auth-mode Authentication method: pkce (default) or daf
--force-refresh Clear the cached token and authenticate again

Global options

Option Description
--log-level Logging level: DEBUG, INFO, WARNING (default), ERROR, CRITICAL

License

Copyright (c) 2025 Open Brain Institute

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

obi_auth-1.1.0.tar.gz (26.7 kB view details)

Uploaded Source

File details

Details for the file obi_auth-1.1.0.tar.gz.

File metadata

  • Download URL: obi_auth-1.1.0.tar.gz
  • Upload date:
  • Size: 26.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for obi_auth-1.1.0.tar.gz
Algorithm Hash digest
SHA256 8519607bfd39b89f1e7ef4ba36ba9d901e30e81d260da22f2681d221c8b1f452
MD5 945935b0e8d28f98b2a6381e761b81f8
BLAKE2b-256 4219a795b8f3884ffa871171a48f71ba495c4ef430607d60a6c743641c129ad6

See more details on using hashes here.

Provenance

The following attestation bundles were made for obi_auth-1.1.0.tar.gz:

Publisher: sdist.yml on openbraininstitute/obi-auth

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page