comotion.auth module

class comotion.auth.Auth(orgname, issuer='https://auth.comotion.us', credentials_cache_class=None, entity_type=None, application_client_id=None, application_client_secret=None)

Class that authenticates the user or application, caches credentials.

Parameters

• orgname (str) – The name of the organization.

• issuer (str) – The issuer URL for authentication. Defaults to ‘https://auth.comotion.us’.

• credentials_cache_class (class) – The class used for credential caching. Defaults to KeyringCredentialCache.

• entity_type (str) – The type of entity being authenticated (Auth.USER or Auth.APPLICATION). Defaults to Auth.USER.

• application_client_id (str, optional) – The client ID for the application on auth.comotion.us. When entity_type is Auth.USER, defaults to comotion_cli

• application_client_secret (str, optional) – The client secret for the application on auth.comotion.us. Only valid when entity_type is Auth.APPLICATION.

APPLICATION = 'application'

Constant for application entity type.

USER = 'user'

Constant for user entity type.

authenticate()

used by the CLI to run a user authentication process using the auth code flow with auth.comotion.us

Note that the handle_request function (part of the OIDCServer class) saves the key to an appropriate key manager

get_access_token()

Retrieve an access token from the auth provider.

This method interacts with the authentication provider to retrieve an access token. The access token is not cached and must be retrieved each time this method is called. The method handles both user and application entity types, using the appropriate authentication mechanism for each.

Returns

The access token retrieved from the auth provider.

Return type

str

Raises

UnAuthenticatedException – If there is an error retrieving the access token from the auth provider.

exception comotion.auth.AuthException

Exception thrown by Auth class

exception comotion.auth.CredentialsCacheException

CredentialsCacheException Thrown in credential save and retrieve in classes implementing CredentialsCacheInterface

class comotion.auth.CredentialsCacheInterface(issuer, orgname)

Interfaced to be implemented in concrete class that executes caching of credentials for users

Any errors in the functions should raise a CredentialsCacheException

get_current_user()

Get latest authenticated user for the issuer and orgname

Returns: str: preferred_username

get_offline_token()

Get offline token for the current user from cache

set_offline_token(username, token)

Set offline token for current user and update current user

class comotion.auth.KeyringCredentialCache(issuer, orgname)

Credential cache using the python keyring class. Saves to local keyring available on linux, windows and macosx

get_current_user()

Get latest authenticated user for the issuer and orgname

Returns: str: preferred_username

get_refresh_token()

set_refresh_token(username, token)

class comotion.auth.OIDCServer(como_authenticator, pkce)

class comotion.auth.OIDCredirectHandler(request, client_address, server)

do_GET()

log_message(format, *args)

Overrider log_message to prevent from logging of requests

setup()

class comotion.auth.PKCE(code_challenge, code_verifier)

PKCE_CODE_VERIFIER_MAX_LENGTH = 40

static generate_pkce()

get_code_challenge()

get_code_verifier()

exception comotion.auth.UnAuthenticatedException

Exception thrown when credentials are not valid.