provenaclient.auth

Submodules

Classes

`AuthManager`	Helper class that provides a standard way to create an ABC using
`DeviceFlow`	Helper class that provides a standard way to create an ABC using
`OfflineFlow`	Helper class that provides a standard way to create an ABC using

Package Contents

class provenaclient.auth.AuthManager(log_level: LogType | None = None)[source]

Bases: abc.ABC

Helper class that provides a standard way to create an ABC using inheritance.

logger: logging.Logger

abstract get_token() → str[source]: Get token information and other metadata.

abstract force_refresh() → None[source]: Force refresh the current token

get_auth() → provenaclient.auth.helpers.HttpxBearerAuth[source]

A helper function which produces a BearerAuth object for use in the httpx library. For example:

manager = DeviceFlow(…) auth = manager.get_auth httpx.post(…, auth=auth)

Returns:

The httpx auth object.

Return type:

BearerAuth

Raises:

Exception – Raises exception if tokens/public_key are not setup - make sure that the object is instantiated properly before calling this function.
Exception – If the token is invalid and cannot be refreshed.
Exception – If the token validation still fails after re-conducting the device flow.

class provenaclient.auth.DeviceFlow(config: provenaclient.utils.config.Config, client_id: str, log_level: provenaclient.auth.manager.LogType | None = None)[source]

Bases: provenaclient.auth.manager.AuthManager

Helper class that provides a standard way to create an ABC using inheritance.

keycloak_endpoint: str

client_id: str

scopes: list

device_endpoint: str

token_endpoint: str

file_name = '.tokens.json'

get_token() → str[source]

IMPLEMENTS BASE METHOD

Uses the current token - validates it, refreshes if necessary, and returns the valid token ready to be used.

Returns:

The access token

Return type:

str

Raises:

Exception – Raises exception if tokens/public_key are not setup - make sure that the object is instantiated properly before calling this function.
Exception – If the token is invalid and cannot be refreshed.
Exception – If the token validation still fails after re-conducting the device flow.

force_refresh() → None[source]: IMPLEMENTS BASE METHOD A method to reset the current authentication state.

refresh_tokens() → None[source]

Attempts to refresh the authentication tokens using a stored refresh token. This method updates the current tokens if the refresh is successful.

Raises:

ValueError – If no initial tokens are set, indicating that there is nothing to refresh.
ValueError – If the refresh operation fails due to missing access or refresh tokens in the response, suggesting a failure in the refresh process.

save_tokens(tokens: provenaclient.auth.helpers.Tokens) → None[source]

Saves authentication tokens to a local file in JSON format.

Parameters:: tokens (Tokens) – An object representing the authentication tokens containing the access and refresh tokens.
Raises:: Generic Exception – A generic exception is raised that handles errors from IO/File operations.

clear_token_storage() → None[source]: Checks if the tokens.json file exists and accordingly removes it and resets token object saved to class variable.

load_tokens() → provenaclient.auth.helpers.Tokens | None[source]

Loads authentication tokens from a local JSON file and returns them as a Tokens object.

Returns:: An object representing the authentication tokens containing the access and refresh tokens.
Return type:: Tokens
Raises:: Generic Exception – A generic exception is raised that handles errors from IO/File operations.

make_token_refresh_request(tokens: provenaclient.auth.helpers.Tokens | None = None) → Dict[str, Any][source]

Performs the token refresh by making an HTTP post request to the token endpoint to obtain new access and refresh tokens.

Parameters:

tokens (Optional[Tokens], optional) –

An optional Tokens object containing the refresh token. If not provided, the method will use the class variable stored tokens.

By default this parameter is None.

Returns:

A dictionary containing the new access and refresh tokens if the refresh is successful.

Return type:

Dict[str, Any]

Raises:

ValueError – If no refresh token is provided or found in the class token variable.
Exception – If the HTTP request fails a message is displayed with the HTTP status code. Can occur if the refresh token has expired.

start_device_flow() → None[source]

Initiates the device authorisation flow by requesting a device code from server and prompts user for authentication through the web browser and continues to handle the flow.

Raises:: Exception – If the request to the server fails or if the server response is not of status code 200, suggesting that the flow could not initiated.

display_device_auth_flow(user_code: str, verification_url: str) → None[source]

Displays the current device auth flow challenge - first by trying to open a browser window - if this fails then prints suggestion to stdout to try using the URL manually.

Parameters:

user_code (str) – The user code
verification_url (str) – The url which embeds challenge code

handle_auth_flow() → None[source]: Handles the device authorisation flow by constantly polling the token endpoint until a token is received, an error is received or a timeout occurs.

class provenaclient.auth.OfflineFlow(config: provenaclient.utils.config.Config, client_id: str, offline_token: str | None = None, offline_token_file: str | None = None, log_level: provenaclient.auth.manager.LogType | None = None)[source]

Bases: provenaclient.auth.manager.AuthManager

Helper class that provides a standard way to create an ABC using inheritance.

keycloak_endpoint: str

offline_token: str

client_id: str

token_endpoint: str

scopes: list

public_key: str

get_token() → str[source]

IMPLEMENTS BASE METHOD

Uses the current token - validates it, refreshes if necessary, and returns the valid token ready to be used.

Returns:

The access token

Return type:

str

Raises:

Exception – Raises exception if tokens/public_key are not setup - make sure that the object is instantiated properly before calling this function.
Exception – If the token is invalid and cannot be refreshed.
Exception – If the token validation still fails after re-conducting the device flow.

force_refresh() → None[source]

IMPLEMENTS BASE METHOD

A method to reset the current authentication state.

Since the offline flow has no cached state - this just forces a refresh token request to be made.

get_access_token_from_offline_token() → None[source]

load_offline_token(file_name: str) → str[source]

Loads the offline token from the provided file.

Parameters:: file_name (str) – The file name to load the offline token from.
Returns:: The offline token read from the file.
Return type:: str
Raises:: Exception – If the file does not exist or if the file is empty.