Python library for Authlete
Project description
Authlete Library for Python
Overview
This is the official Python library for Authlete Web APIs.
License
Apache License, Version 2.0
Source Code
https://github.com/authlete/authlete-python
PyPI (Python Package Index)
https://pypi.org/project/authlete/
Install
pip install authlete
Quick Start
The following code simulates "Authorization Code Flow". Replace CLIENT_ID,
SERVICE_API_KEY and SERVICE_API_SECRET in the code with your own properly.
The code assumes that the client type of the client application is 'public'
(otherwise client authentication would be required at the token endpoint) and
the number of registered redirect URIs is one (otherwise redirect_uri request
parameter would be required).
from authlete.api import *
from authlete.conf import *
from authlete.dto import *
#--------------------------------------------------
# Your Configuration
#--------------------------------------------------
authlete_api_server = 'https://api.authlete.com'
service_api_key = 'SERVICE_API_KEY'
service_api_secret = 'SERVICE_API_SECRET'
client_id = 'CLIENT_ID'
user_id = 'USER_ID'
# If the Authlete version is 3.0 or higher
service_access_token = 'SERVICE_ACCESS_TOKEN'
service_api_secret = None
#--------------------------------------------------
# AuthleteApi
#--------------------------------------------------
# Configuration to access Authlete APIs.
cnf = AuthleteConfiguration()
cnf.baseUrl = authlete_api_server
cnf.serviceApiKey = service_api_key
cnf.serviceApiSecret = service_api_secret
# If the Authlete version is 3.0 or higher
cnf.apiVersion = "V3"
cnf.serviceAccessToken = service_access_token
cnf.serviceApiSecret = None
# Authlete API caller
api = AuthleteApiImpl(cnf)
#--------------------------------------------------
# /api/auth/authorization API
#--------------------------------------------------
# Prepare a request to /api/auth/authorization API.
req = AuthorizationRequest()
req.parameters = 'response_type=code&client_id={}'.format(client_id)
# Call /api/auth/authorization API. The class of the
# response is authlete.dto.AuthorizationResponse.
res = api.authorization(req)
#--------------------------------------------------
# /api/auth/authorization/issue API
#--------------------------------------------------
# Prepare a request to /api/auth/authorization/issue API.
req = AuthorizationIssueRequest()
req.ticket = res.ticket
req.subject = user_id
# Call /api/auth/authorization/issue API. The class of the
# response is authlete.dto.AuthorizationIssueResponse.
res = api.authorizationIssue(req)
# An authorization response returned to the user agent.
print('HTTP/1.1 302 Found')
print('Location: {}'.format(res.responseContent))
#--------------------------------------------------
# /api/auth/token API
#--------------------------------------------------
# Prepare a request to /api/auth/token API.
req = TokenRequest()
req.parameters = 'client_id={}&grant_type=authorization_code&code={}'\
.format(client_id, res.authorizationCode)
# Call /api/auth/token API. The class of the response is
# authlete.dto.TokenResponse.
res = api.token(req)
# A token response returned to the client.
print("\nHTTP/1.1 200 OK")
print("Content-Type: application/json\n")
print(res.responseContent)
Description
How To Get AuthleteApi
All the methods to communicate with Authlete Web APIs are gathered in
authlete.api.AuthleteApi interface. authlete.api.AuthleteApiImpl class is
the only implementation of the interface. The constructor of AuthleteApiImpl
class requires an instance of authlete.conf.AuthleteConfiguration class.
# Prepare an instance of AuthleteConfiguration.
cnf = AuthleteConfiguration()
cnf.baseUrl = ...
cnf.serviceOwnerApiKey = ...
cnf.serviceOwnerApiSecret = ...
cnf.serviceApiKey = ...
cnf.serviceApiSecret = ...
# If the Authlete version is 3.0 or higher
cnf.apiVersion = "V3"
cnf.serviceAccessToken = ...
cnf.serviceApiSecret = None
# Get an implementation of AuthleteApi interface.
api = AuthleteApiImpl(cnf)
AuthleteConfiguration class has two subclasses, AuthleteEnvConfiguration
and AuthleteIniConfiguration.
AuthleteEnvConfiguration class reads settings from the following environment
variables.
AUTHLETE_API_VERSIONAUTHLETE_BASE_URLAUTHLETE_SERVICEOWNER_APIKEYAUTHLETE_SERVICEOWNER_APISECRETAUTHLETE_SERVICE_APIKEYAUTHLETE_SERVICE_APISECRETAUTHLETE_SERVICE_ACCESSTOKEN
The constructor of AuthleteEnvConfiguration reads the environment variables,
so what you have to do in Python code is just to create an instance of the
class as follows.
cnf = AuthleteEnvConfiguration()
On the other hand, AuthleteIniConfiguration class reads an INI file. The
format of the file AuthleteIniConfiguration expects is as follows.
[authlete]
api_version = ...
base_url = ...
service_owner.api_key = ...
service_owner.api_secret = ...
service.api_key = ...
service.api_secret = ...
service.access_token = ...
The constructor of AuthleteIniConfiguration accepts an optional parameter
which represents the name of an INI file. If the parameter is omitted,
authlete.ini is used as the default file. If the name of your INI file is
not authlete.ini, pass the file name to the constructor explicitly as follows.
cnf = AuthleteIniConfiguration('configuration.ini')
AuthleteApi Settings
getSettings() method of AuthleteApi interface returns an instance of
authlete.api.Settings class. You can set connection timeout and read timeout
via the instance.
settings = api.getSettings()
settings.connectionTimeout = 5.0
settings.readTimeout = 5.0
AuthleteApi Method Categories
Methods in AuthleteApi interface can be divided into some categories.
Methods for Authorization Endpoint Implementation
authorization(request)authorizationFail(equest)authorizationIssue(request)
Methods for Token Endpoint Implementation
token(request)tokenFail(request)tokenIssue(request)idTokenReissue(request)
Methods for Service Management
createService(service)deleteService(serviceApiKey)getService(serviceApiKey)getServiceList(start=None, end=None)updateService(service)
Methods for Client Application Management
createClient(client)deleteClient(clientId)getClient(clientId)getClientList(developer=None, start=None, end=None)updateClient(client)refreshClientSecret(clientId)updateClientSecret(clientId, clientSecret)
Methods for Access Token Introspection
introspection(request)standardIntrospection(request)getTokenList(clientIdentifier=None, subject=None, start=None, end=None)
Methods for Revocation Endpoint Implementation
revocation(request)
Methods for User Info Endpoint Implementation
userinfo(request)userinfoIssue(request)
Methods for JWK Set Endpoint Implementation
getServiceJwks(pretty=True, includePrivateKeys=False)
Methods for OpenID Connect Discovery
getServiceConfiguration(request=None)
Methods for Token Operations
tokenCreate(request)tokenDelete(token)tokenRevoke(request)tokenUpdate(request)
Methods for Requestable Scopes per Client (deprecated; Client APIs suffice)
getRequestableScopes(clientId)setRequestableScopes(clientId, scopes)deleteRequestableScopes(clientId)
Methods for Records of Granted Scopes
getGrantedScopes(clientId, subject)deleteGrantedScopes(clientId, subject)
Methods for Authorization Management on a User-Client Combination Basis
deleteClientAuthorization(clientId, subject)getClientAuthorizationList(request)updateClientAuthorization(clientId, request)
Methods for JOSE
verifyJose(request)
Methods for CIBA (Client Initiated Backchannel Authentication)
backchannelAuthentication(request)backchannelAuthenticationIssue(request)backchannelAuthenticationFail(request)backchannelAuthenticationComplete(request)
Methods for OpenID Connect Dynamic Client Registration
dynamicClientRegister(request)dynamicClientGet(request)dynamicClientUpdate(request)dynamicClientDelete(request)
Methods for Device Flow
deviceAuthorization(request)deviceComplete(request)deviceVerification(request)
Methods for PAR (Pushed Authorization Request)
pushAuthorizationRequest(request)
Methods for Grant Management for OAuth 2.0
gm(request)
Methods for OpenID Federation 1.0
federationConfiguration(request)federationRegistration(request)
Methods for Verifiable Credentials
credentialIssuerMetadata(request)credentialIssuerJwks(request)credentialJwtIssuerMetadata(request)credentialOfferCreate(request)credentialOfferInfo(request)credentialSingleParse(request)credentialSingleIssue(request)credentialBatchParse(request)credentialBatchIssue(request)credentialDeferredParse(request)credentialDeferredIssue(request)
Authlete Version
Some APIs and features don't work (even if they are defined in the AuthleteApi
interface) if Authlete API server you use doesn't support them. For example,
CIBA works only in Authlete 2.1 onwards. Please contact us if you want to use
newer Authlete versions.
Features available in Authlete 2.0 and onwards:
- Financial-grade API (FAPI)
- OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (MTLS)
- JWT-based Client Authentication (RFC 7523)
- Scope attributes
- UK Open Banking Security Profile
Features available in Authlete 2.1 and onwards:
- Client Initiated Backchannel Authentication (CIBA)
- JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
- Dynamic Client Registration (RFC 7591 & RFC 7592)
- OAuth 2.0 Device Authorization Grant (Device Flow)
- JWT-based Access Token
See Spec Sheet for further details.
AWS Support
This library contains a utility class to help implement a Lambda Authorizer that can protect APIs built on Amazon API Gateway with "certificate-bound access tokens" that conform to RFC 8705 (OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens).
Below is a short but completely working example of Lambda authorizer implementation that is written using the utility class.
from authlete.aws.apigateway.authorizer import Authorizer
authorizer = Authorizer()
def lambda_handler(event, context):
return authorizer.handle(event, context)
See "Financial-grade Amazon API Gateway" for details.
See Also
- authlete-python-django : Authlete library for Django
- django-oauth-server : Authorization server implementation using Django
- django-resource-server : Resource server implementation using Django
Contact
Contact Form : https://www.authlete.com/contact/
| Purpose | Email Address |
|---|---|
| General | info@authlete.com |
| Sales | sales@authlete.com |
| PR | pr@authlete.com |
| Technical | support@authlete.com |
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file authlete-1.3.0.tar.gz.
File metadata
- Download URL: authlete-1.3.0.tar.gz
- Upload date:
- Size: 61.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.12.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
92bea3c04663beb6e8ed112d6417c5f43ebddf89cb7a68999da2405154f881fb
|
|
| MD5 |
4d8ec23447caeca74aa41768f4af8ead
|
|
| BLAKE2b-256 |
38b79c7eafb59b23f9ee2bdcb1e0faa6dfd7bdbe8c749e535d01cfacd4693817
|
File details
Details for the file authlete-1.3.0-py3-none-any.whl.
File metadata
- Download URL: authlete-1.3.0-py3-none-any.whl
- Upload date:
- Size: 185.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.12.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
13a46ed41e88d98c5407f5c432889d795ec9e3f6c85da382e007e554c59e3d15
|
|
| MD5 |
c37a34d92d678590fa2b2b6f029dd676
|
|
| BLAKE2b-256 |
4f62d6dfcee183f81486e6827d2eaeeabb3f796b83756263bc760f1be51ddd63
|
