antimatter.authn

Submodules

• antimatter.authn.apikey
• antimatter.authn.base
• antimatter.authn.google_oauth
• antimatter.authn.oauth_domain
• antimatter.authn.oauth_global
• antimatter.authn.static_oauth
• antimatter.authn.unauth

Package Contents

Classes

Authentication	This is an abstract class for authentication. These methods must be implemented by the child classes.
OAuthAuthentication	This is an abstract class which should be used by OAuth clients for authentication.
ApiKeyAuthentication	This is an agent which uses an API key for authentication.
GoogleOAuthAuthentication	A base authentication class which uses google oauth device flow for authentication.
Unauthenticated	An unauthenticated agent which does not have any authentication.
StaticOAuthAuthentication	A static authentication agent uses a static oauth token.
OAuthDomainAuthentication	A domain authentication class which uses an oauth token for authentication.

class antimatter.authn.Authentication

Bases: abc.ABC

This is an abstract class for authentication. These methods must be implemented by the child classes. Authentication should return a domain identity token which can then be used to perform actions on behalf of the domain.

abstract authenticate(token_lifetime: int | None = None)

abstract get_token()

abstract needs_refresh()

abstract get_token_scope()

abstract get_session()

abstract get_domain_id()

abstract get_email()

abstract has_client_retry_policy() → bool

class antimatter.authn.OAuthAuthentication

Bases: Authentication, abc.ABC

This is an abstract class which should be used by OAuth clients for authentication.

abstract get_config_token() → antimatter.auth.config.tokens.OidcToken

Get the token from the configuration

class antimatter.authn.ApiKeyAuthentication(domain_id: str = None, api_key: str = None, admin_email: str | None = None, enable_retries: bool = True)

Bases: antimatter.authn.Authentication

This is an agent which uses an API key for authentication.

needs_refresh()

authenticate(token_lifetime: int | None = None)

get_token()

get_token_scope()

get_session()

get_domain_id()

get_email()

has_client_retry_policy() → bool

class antimatter.authn.GoogleOAuthAuthentication(token: antimatter.auth.config.tokens.GoogleOidcToken = None, reset_credentials: bool = False, enable_retries: bool = True)

Bases: antimatter.authn.OAuthAuthentication

A base authentication class which uses google oauth device flow for authentication.

This class is used to authenticate with Google OAuth using the device flow. It will prompt the user to go to a verification URL and enter a code to authenticate. This file does not take care of storing the tokens. Use the other derived oauth classes, global and domain to store the tokens.

get_config_token() → antimatter.auth.config.tokens.OidcToken

Get the token from the configuration

authenticate(**kwargs)

needs_refresh()

get_token()

get_token_scope()

get_session()

get_domain_id()

get_email()

has_client_retry_policy() → bool

class antimatter.authn.Unauthenticated(admin_email: str | None = None, enable_retries: bool = True)

Bases: antimatter.authn.Authentication

An unauthenticated agent which does not have any authentication. Can be used to create a session for an unauthenticated user.

authenticate(**kwargs)

get_token()

needs_refresh()

get_token_scope()

get_session()

get_domain_id()

get_email()

has_client_retry_policy() → bool

class antimatter.authn.StaticOAuthAuthentication(token: str, enable_retries: bool = True)

Bases: antimatter.authn.OAuthAuthentication

A static authentication agent uses a static oauth token. This implementation does not know about the token’s expiration or its validity. It’s up to the upstream service to handle the token’s expiration and validity.

authenticate(**kwargs)

get_token()

needs_refresh()

get_token_scope()

get_session()

get_domain_id()

get_email()

get_config_token() → antimatter.auth.config.tokens.OidcToken

Get the token from the configuration

has_client_retry_policy() → bool

class antimatter.authn.OAuthDomainAuthentication(domain_id: str, oauth_authentication: antimatter.authn.OAuthAuthentication, identity_provider_name: str = 'google')

Bases: antimatter.authn.Authentication

A domain authentication class which uses an oauth token for authentication. This class uses the oauth id token obtained from its parent to transmute them into a domain identity token. It uses the identity provider name “google” by default to authenticate the domain.

authenticate(token_lifetime: int | None = None)

get_token()

needs_refresh()

get_token_scope()

get_session()

get_domain_id()

get_email()

has_client_retry_policy() → bool