antimatter.authn#

Submodules#

Package Contents#

Classes#

Authentication

This is an abstract class for authentication. These methods must be implemented by the child classes.

OAuthAuthentication

This is an abstract class which should be used by OAuth clients for authentication.

ApiKeyAuthentication

This is an agent which uses an API key for authentication.

GoogleOAuthAuthentication

A base authentication class which uses google oauth device flow for authentication.

Unauthenticated

An unauthenticated agent which does not have any authentication.

StaticOAuthAuthentication

A static authentication agent uses a static oauth token.

OAuthDomainAuthentication

A domain authentication class which uses an oauth token for authentication.

class antimatter.authn.Authentication#

Bases: abc.ABC

This is an abstract class for authentication. These methods must be implemented by the child classes. Authentication should return a domain identity token which can then be used to perform actions on behalf of the domain.

abstract authenticate(token_lifetime: int | None = None)#
abstract get_token()#
abstract needs_refresh()#
abstract get_token_scope()#
abstract get_session()#
abstract get_domain_id()#
abstract get_email()#
abstract has_client_retry_policy() bool#
class antimatter.authn.OAuthAuthentication#

Bases: Authentication, abc.ABC

This is an abstract class which should be used by OAuth clients for authentication.

abstract get_config_token() antimatter.auth.config.tokens.OidcToken#

Get the token from the configuration

class antimatter.authn.ApiKeyAuthentication(domain_id: str = None, api_key: str = None, admin_email: str | None = None, enable_retries: bool = True)#

Bases: antimatter.authn.Authentication

This is an agent which uses an API key for authentication.

needs_refresh()#
authenticate(token_lifetime: int | None = None)#
get_token()#
get_token_scope()#
get_session()#
get_domain_id()#
get_email()#
has_client_retry_policy() bool#
class antimatter.authn.GoogleOAuthAuthentication(token: antimatter.auth.config.tokens.GoogleOidcToken = None, reset_credentials: bool = False, enable_retries: bool = True)#

Bases: antimatter.authn.OAuthAuthentication

A base authentication class which uses google oauth device flow for authentication.

This class is used to authenticate with Google OAuth using the device flow. It will prompt the user to go to a verification URL and enter a code to authenticate. This file does not take care of storing the tokens. Use the other derived oauth classes, global and domain to store the tokens.

get_config_token() antimatter.auth.config.tokens.OidcToken#

Get the token from the configuration

authenticate(**kwargs)#
needs_refresh()#
get_token()#
get_token_scope()#
get_session()#
get_domain_id()#
get_email()#
has_client_retry_policy() bool#
class antimatter.authn.Unauthenticated(admin_email: str | None = None, enable_retries: bool = True)#

Bases: antimatter.authn.Authentication

An unauthenticated agent which does not have any authentication. Can be used to create a session for an unauthenticated user.

authenticate(**kwargs)#
get_token()#
needs_refresh()#
get_token_scope()#
get_session()#
get_domain_id()#
get_email()#
has_client_retry_policy() bool#
class antimatter.authn.StaticOAuthAuthentication(token: str, enable_retries: bool = True)#

Bases: antimatter.authn.OAuthAuthentication

A static authentication agent uses a static oauth token. This implementation does not know about the token’s expiration or its validity. It’s up to the upstream service to handle the token’s expiration and validity.

authenticate(**kwargs)#
get_token()#
needs_refresh()#
get_token_scope()#
get_session()#
get_domain_id()#
get_email()#
get_config_token() antimatter.auth.config.tokens.OidcToken#

Get the token from the configuration

has_client_retry_policy() bool#
class antimatter.authn.OAuthDomainAuthentication(domain_id: str, oauth_authentication: antimatter.authn.OAuthAuthentication, identity_provider_name: str = 'google')#

Bases: antimatter.authn.Authentication

A domain authentication class which uses an oauth token for authentication. This class uses the oauth id token obtained from its parent to transmute them into a domain identity token. It uses the identity provider name “google” by default to authenticate the domain.

authenticate(token_lifetime: int | None = None)#
get_token()#
needs_refresh()#
get_token_scope()#
get_session()#
get_domain_id()#
get_email()#
has_client_retry_policy() bool#