Skip to main content

The TSG authentication library for use with the CERN SSO (OIDC based) service

Project description

tsgauth

A collection of CERN SSO based authentication and authorisation tools used by the CMS TSG Group

modules

flaskoidc

This adds OpenIDC Connect based authorisation for flask servers. It currently has the single function "accept_token" which decorates any routes you wish to require authorisation for

The function expects the following variables to be added to the flask application

It will add the decoded claims of the token to flask.g.oidc_token_info if the token can be validiated. If require_token is true, it will only allow access to the endpoint if there is a validiated token, otherwise it will return a 401 and a little britain reference.

oidcauth

These are a collection of clients which request and manage a sso token for a given application. Each client is for a different authentication mechansism. We currrently have the following ways of authenticating

ClientAuth : pass in a client id and secret and request a token for a given audience. This is used by applications to access other applications. Basically any script where you dont easily have a user to login with.\

KerbAuth: uses kerberos to login in as user (or service account) and request a token for a given audience

AuthGetSSOTokenAuth: uses the auth-get-sso-token command line tool to request a token for a given audience. Basically wraps the cern authz cli tool in a libary. Note you must install this tool yourself, see cern authsvc tools for mode details.

DeviceAuth: used to log in as a user who uses 2FA or can not get a kerberos ticket for some reason. Will print a url that needs to be copied into the users browser who will then authenticate the request. By default it caches the token in a file in the users home directory (~/.sso_token) which is used for subsequent requests for the next 10 hrs.

The interface of the classes is:

  • token() : returns the access token for a given application, requesting/renewing it first if necessary
  • headers() : returns the headers necessar to pass the token to target api. eg requests.get(url,headers=auth.headers())

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

tsgauth-0.9.1.tar.gz (12.5 kB view details)

Uploaded Source

Built Distribution

tsgauth-0.9.1-py3-none-any.whl (10.5 kB view details)

Uploaded Python 3

File details

Details for the file tsgauth-0.9.1.tar.gz.

File metadata

  • Download URL: tsgauth-0.9.1.tar.gz
  • Upload date:
  • Size: 12.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.9.6 readme-renderer/34.0 requests/2.27.1 requests-toolbelt/1.0.0 urllib3/1.26.16 tqdm/4.64.1 importlib-metadata/4.8.3 keyring/23.4.1 rfc3986/1.5.0 colorama/0.4.5 CPython/3.6.8

File hashes

Hashes for tsgauth-0.9.1.tar.gz
Algorithm Hash digest
SHA256 0f51f92be9aeaa2cfa5f1cdd5f30b6f61cfc91f33a8236d286966c5012edc7b5
MD5 ac79c01937bc0eb6250c65bd0aa04b3c
BLAKE2b-256 8a8f5da72bb6b0ac5c1062ccb14de4f87a44762471f77f52adcdee025ebc726f

See more details on using hashes here.

File details

Details for the file tsgauth-0.9.1-py3-none-any.whl.

File metadata

  • Download URL: tsgauth-0.9.1-py3-none-any.whl
  • Upload date:
  • Size: 10.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.9.6 readme-renderer/34.0 requests/2.27.1 requests-toolbelt/1.0.0 urllib3/1.26.16 tqdm/4.64.1 importlib-metadata/4.8.3 keyring/23.4.1 rfc3986/1.5.0 colorama/0.4.5 CPython/3.6.8

File hashes

Hashes for tsgauth-0.9.1-py3-none-any.whl
Algorithm Hash digest
SHA256 06e7618ef3d720d7779faf353caa7db9a64fe9b83015712f63a006365f7ade9a
MD5 4c564f5307833d57552f33bd99c682c4
BLAKE2b-256 15bb1cbdcda98dcd79dce7295c209d273e273790b159200f4311ceec10f6c448

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page