The Authentication API
A module providing simplified assess to Squonk2 Authentication (Keycloak).
The API
Python utilities to simplify calls to the authentication mechanism (Keycloak) for use with the Data Manager and Account Server APIs.
- class squonk2.auth.Auth
The Auth class provides high-level, simplified access to the authentication service (Keycloak).
- classmethod get_access_token(*, keycloak_url: str, keycloak_realm: str, keycloak_client_id: str, username: str, password: str, keycloak_client_secret: Optional[str] = None, prior_token: Optional[str] = None, timeout_s: int = 4) Optional[str]
Gets an access token from the given Keycloak server, realm and client ID. The returned token can then be used on the client typically providing it in the client’s REST header byt setting the header’s “Authorization” value, e.g. “Authorization: Bearer <token>”.
If keycloak fails to yield a token None is returned, with messages written to the log.
The caller can (is encouraged to) provide a prior token in order to reduce token requests on the server. When a
prior_token
is provided the code only calls keycloak to obtain a new token if the current one looks like it will expire (in less than 60 seconds).- Parameters
keycloak_url – The keycloak server URL, typically https://example.com/auth
keycloak_realm – The keycloak realm
keycloak_client_id – The keycloak client ID (Data Manager or Account Server)
keycloak_client_secret – The keycloak client secret (if required by the client)
username – A valid username
password – A valid password
prior_token – An optional prior token. If supplied it will be used unless it is about to expire
timeout_s – The underlying request timeout