The Authentication API

A module providing simplified assess to Squonk2 Authentication (Keycloak).

The API

Python utilities to simplify calls to the authentication mechanism (Keycloak) for use with the Data Manager and Account Server APIs.

class squonk2.auth.Auth

The Auth class provides high-level, simplified access to the authentication service (Keycloak).

classmethod get_access_token(*, keycloak_url: str, keycloak_realm: str, keycloak_client_id: str, username: str, password: str, prior_token: Optional[str] = None, timeout_s: int = 4) → Optional[str]

Gets an access token from the given Keycloak server, realm and client ID.

If keycloak fails to yield a token None is returned, with messages written to the log.

The caller can (is encouraged to) provide a prior token in order to reduce token requests on the server. When a prior_token is provided the code only calls keycloak to obtain a new token if the current one looks like it will expire (in less than 60 seconds).

Parameters

• keycloak_url – The keycloak server URL, typically https://example.com/auth

• keycloak_realm – The keycloak realm

• keycloak_client_id – The keycloak client ID (Data Manager or Account Server)

• username – A valid username

• password – A valid password

• prior_token – An optional prior token. If supplied it will be used unless it is about to expire

• timeout_s – The underlying request timeout