The Authentication API

A module providing simplified assess to Squonk2 Authentication (Keycloak).

The API

Python utilities to simplify calls to the authentication mechanism (Keycloak) for use with the Data Manager and Account Server APIs.

class squonk2.auth.Auth

The Auth class provides high-level, simplified access to the authentication service (Keycloak).

classmethod get_access_token(*, keycloak_url: str, keycloak_realm: str, keycloak_client_id: str, username: str, password: str, keycloak_client_secret: Optional[str] = None, prior_token: Optional[str] = None, timeout_s: int = 4) Optional[str]

Gets an access token from the given Keycloak server, realm and client ID. The returned token can then be used on the client typically providing it in the client’s REST header byt setting the header’s “Authorization” value, e.g. “Authorization: Bearer <token>”.

If keycloak fails to yield a token None is returned, with messages written to the log.

The caller can (is encouraged to) provide a prior token in order to reduce token requests on the server. When a prior_token is provided the code only calls keycloak to obtain a new token if the current one looks like it will expire (in less than 60 seconds).

Parameters

  • keycloak_url – The keycloak server URL, typically https://example.com/auth

  • keycloak_realm – The keycloak realm

  • keycloak_client_id – The keycloak client ID (Data Manager or Account Server)

  • keycloak_client_secret – The keycloak client secret (if required by the client)

  • username – A valid username

  • password – A valid password

  • prior_token – An optional prior token. If supplied it will be used unless it is about to expire

  • timeout_s – The underlying request timeout