iam_python_sdk package

Submodules

iam_python_sdk.async_client module

IAM Python SDK async client module.

class iam_python_sdk.async_client.AsyncClient(config: iam_python_sdk.config.Config, rolePermissionCache: iam_python_sdk.cache.Cache, clientInfoCache: iam_python_sdk.cache.Cache, httpClient: iam_python_sdk.async_client.HttpClient) → None[source]

Bases: object

Async Client class.

ClientToken() → str[source]

Returns client access token

Returns:
str: token
ClientTokenGrant() → None[source]

Starts client token grant to get client bearer token for role caching

Raises:
ClientTokenGrantError: exception response format error ClientTokenGrantError: exceptions http request error
GetClientInformation(namespace: str, clientID: str) → typing.Union[iam_python_sdk.models.ClientInformation, NoneType][source]

Gets IAM client information, it will look into cache first, if not found then fetch it to IAM.

Args:
namespace (str): namespace clientID (str): client ID
Returns:
Union[ClientInformation, None]: client information or None
GetRolePermissions(roleID: str) → typing.List[iam_python_sdk.models.Permission][source]

Get permssions of a role

Args:
roleID (str): role id
Raises:
GetRolePermissionError: exception failed to refresh token GetRolePermissionError: exception response format error GetRolePermissionError: exceptions http request error
Returns:
Union[List[Permission], None]: list of permissions or None
HasBan(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType], banType: str) → bool[source]

Validates if certain ban exist

Args:
claims (JWTClaims): JWT claims banType (str): ban type
Returns:
bool: ban status
HealthCheck() → bool[source]

Lets caller know the health of the IAM client

Returns:
bool: health status
StartLocalValidation() → None[source]

Starts thread to refresh JWK and revocation list periodically this enables local token validation

UserAnonymousStatus(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → bool[source]

Gets user anonymous status on access token

Args:
claims (JWTClaims): JWT claims
Returns:
bool: user anonymous status
UserEmailVerificationStatus(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → bool[source]

Gets user email verification status on access token

Args:
claims (JWTClaims): JWT claims
Returns:
bool: user email verification status
UserPhoneVerificationStatus(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → bool[source]

Gets user phone verification status on access token

Args:
claims (JWTClaims): JWT claims
Returns:
bool: user phone verification status
ValidateAccessToken(accessToken: str) → bool[source]

Validates access token by calling IAM service

Args:
accessToken (str): access token
Raises:
ValidateAccessTokenError: exception failed to refresh token ValidateAccessTokenError: exceptions http request error
Returns:
bool: access token validity status
ValidateAndParseClaims(accessToken: str) → typing.Union[iam_python_sdk.models.JWTClaims, NoneType][source]

Validates access token locally and returns the JWT claims contained in the token

Args:
accessToken (str): access token
Returns:
Union[JWTClaims, None]: JWT claims or None
ValidateAudience(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → None[source]

Validate audience of user access token

Args:
claims (JWTClaims): JWT claims
ValidatePermission(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType], requiredPermission: iam_python_sdk.models.Permission, permissionResources: typing.Dict[str, str]) → bool[source]

Validates if an access token has right for a specific permission

Args:
claims (JWTClaims): JWT claims requiredPermission (Permission): permission to access resource, example: {Resource: “NAMESPACE:{namespace}:USER:{userId}”, Action: 2} permissionResources (Dict[str, str]): resource string to replace the {} placeholder in requiredPermission, example: p[“{namespace}”] = “accelbyte”
Returns:
bool: permission status
ValidateRole(requiredRoleID: str, claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → bool[source]

Validates if an access token has a specific role

Args:
requiredRoleID (str): role ID that required claims (JWTClaims): JWT claims
Returns:
bool: role validity status
ValidateScope(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType], reqScope: str) → None[source]

Validate scope of user access token

Args:
claims (JWTClaims): JWT claims reqScope (str): required role scope
class iam_python_sdk.async_client.HttpClient → None[source]

Bases: object

HttpClient class to do http request.

close() → None[source]
get(*args, **kwargs) → httpx.Response[source]
post(*args, **kwargs) → httpx.Response[source]
request(method: str = 'GET', *args, **kwargs) → httpx.Response[source]
class iam_python_sdk.async_client.NewAsyncClient(config: iam_python_sdk.config.Config) → None[source]

Bases: iam_python_sdk.async_client.AsyncClient

iam_python_sdk.async_client.backoff_giveup_handler(backoff) → None[source]

iam_python_sdk.bloom module

Bloom filter module.

class iam_python_sdk.bloom.BloomFilter → None[source]

Bases: object

Bloom Filer class.

contains(item: str) → bool[source]

Check of item is in a BloomFilter

Args:
item (str): String of item
Returns:
bool: Status of item in a BloomFilter
insert(item: str) → None[source]
loads(bits: list, k: int, m: int)[source]

Loads bitarray from bitset go format

Args:
bits (list): List of unpacked bits struct k (int): Hash number m (int): Number of bits

iam_python_sdk.cache module

Cache module.

class iam_python_sdk.cache.Cache(ttl: int = None, load_func: typing.Callable = None, *args, **kwargs) → None[source]

Bases: collections.OrderedDict

Cache class that implement OrderedDict with thread safe feature.

Args:
OrderedDict ([type]): dict subclass that remembers the order entries were added.
get(key: AnyStr, default=None) → typing.Any[source]

Get cache value by key.

Args:
key (AnyStr): cache key default (Any, optional): Default value if cache key is not found. Defaults to None.
Returns:
Any: cache value
is_expired(key: AnyStr, when: int = None) → bool[source]

Check if cache key is expired.

Args:
key (AnyStr): cache key when (int, optional): added time if needed. Defaults to None.
Returns:
bool: expired status
set(key: AnyStr, value: typing.Any, ttl: int = None) → None[source]

Set cache value

Args:
key (AnyStr): cache key value (Any): cache value ttl (int, optional): time to live in seconds. Defaults to None.

iam_python_sdk.cli module

Console script for iam_python_sdk.

iam_python_sdk.client module

IAM Python SDK client module.

class iam_python_sdk.client.DefaultClient(config: iam_python_sdk.config.Config, rolePermissionCache: iam_python_sdk.cache.Cache, clientInfoCache: iam_python_sdk.cache.Cache, httpClient: iam_python_sdk.client.HttpClient) → None[source]

Bases: object

Default Client class.

ClientToken() → str[source]

Returns client access token

Returns:
str: token
ClientTokenGrant() → None[source]

Starts client token grant to get client bearer token for role caching

Raises:
ClientTokenGrantError: exception response format error ClientTokenGrantError: exceptions http request error
DelegateToken(extendNamespace: str)[source]

Returns delegated client access token

Returns:
str: token
GetClientInformation(namespace: str, clientID: str) → typing.Union[iam_python_sdk.models.ClientInformation, NoneType][source]

Gets IAM client information, it will look into cache first, if not found then fetch it to IAM.

Args:
namespace (str): namespace clientID (str): client ID
Returns:
Union[ClientInformation, None]: client information or None
GetRolePermissions(roleID: str) → typing.List[iam_python_sdk.models.Permission][source]

Get permssions of a role

Args:
roleID (str): role id
Raises:
GetRolePermissionError: exception failed to refresh token GetRolePermissionError: exception response format error GetRolePermissionError: exceptions http request error
Returns:
Union[List[Permission], None]: list of permissions or None
HasBan(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType], banType: str) → bool[source]

Validates if certain ban exist

Args:
claims (JWTClaims): JWT claims banType (str): ban type
Returns:
bool: ban status
HealthCheck() → bool[source]

Lets caller know the health of the IAM client

Returns:
bool: health status
StartLocalValidation() → None[source]

Starts thread to refresh JWK and revocation list periodically this enables local token validation

UserAnonymousStatus(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → bool[source]

Gets user anonymous status on access token

Args:
claims (JWTClaims): JWT claims
Returns:
bool: user anonymous status
UserEmailVerificationStatus(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → bool[source]

Gets user email verification status on access token

Args:
claims (JWTClaims): JWT claims
Returns:
bool: user email verification status
UserPhoneVerificationStatus(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → bool[source]

Gets user phone verification status on access token

Args:
claims (JWTClaims): JWT claims
Returns:
bool: user phone verification status
ValidateAccessToken(accessToken: str) → bool[source]

Validates access token by calling IAM service

Args:
accessToken (str): access token
Raises:
ValidateAccessTokenError: exception failed to refresh token ValidateAccessTokenError: exceptions http request error
Returns:
bool: access token validity status
ValidateAndParseClaims(accessToken: str) → typing.Union[iam_python_sdk.models.JWTClaims, NoneType][source]

Validates access token locally and returns the JWT claims contained in the token

Args:
accessToken (str): access token
Returns:
Union[JWTClaims, None]: JWT claims or None
ValidateAudience(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → None[source]

Validate audience of user access token

Args:
claims (JWTClaims): JWT claims
ValidatePermission(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType], requiredPermission: iam_python_sdk.models.Permission, permissionResources: typing.Dict[str, str]) → bool[source]

Validates if an access token has right for a specific permission

Args:
claims (JWTClaims): JWT claims requiredPermission (Permission): permission to access resource, example: {Resource: “NAMESPACE:{namespace}:USER:{userId}”, Action: 2} permissionResources (Dict[str, str]): resource string to replace the {} placeholder in requiredPermission, example: p[“{namespace}”] = “accelbyte”
Returns:
bool: permission status
ValidateRole(requiredRoleID: str, claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → bool[source]

Validates if an access token has a specific role

Args:
requiredRoleID (str): role ID that required claims (JWTClaims): JWT claims
Returns:
bool: role validity status
ValidateScope(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType], reqScope: str) → None[source]

Validate scope of user access token

Args:
claims (JWTClaims): JWT claims reqScope (str): required role scope
class iam_python_sdk.client.HttpClient → None[source]

Bases: object

HttpClient class to do http request.

close() → None[source]
get(*args, **kwargs) → httpx.Response[source]
post(*args, **kwargs) → httpx.Response[source]
request(method: str = 'GET', *args, **kwargs) → httpx.Response[source]
class iam_python_sdk.client.NewDefaultClient(config: iam_python_sdk.config.Config) → None[source]

Bases: iam_python_sdk.client.DefaultClient

iam_python_sdk.client.backoff_giveup_handler(backoff) → None[source]

iam_python_sdk.config module

Config module.

class iam_python_sdk.config.Config(BaseURL: str = '', BasicBaseURL: str = 'http://justice-basic-service/basic', ClientID: str = '', ClientSecret: str = '', RolesCacheExpirationTime: int = 60, JWKSRefreshInterval: int = 60, RevocationListRefreshInterval: int = 60, Debug: bool = False) → None[source]

Bases: object

Config class.

iam_python_sdk.errors module

Error module.

exception iam_python_sdk.errors.ClientDelegateTokenGrantError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.ClientTokenGrantError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.EmptyTokenError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

message = 'token is empty'
exception iam_python_sdk.errors.Error(message: str = '') → None[source]

Bases: Exception

Base error class.

exception iam_python_sdk.errors.ForbiddenError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

message = 'access forbidden, make sure you have client creds that has sufficient permission'
exception iam_python_sdk.errors.GetClientInformationError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.GetJWKSError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.GetNamespaceContextError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.GetRevocationListError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.GetRolePermissionError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.HTTPClientError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.InvalidAudError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

message = "audience doesn't match the client's base uri. access denied"
exception iam_python_sdk.errors.InvalidScopeError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

message = 'insufficient scope'
exception iam_python_sdk.errors.InvalidTokenSignatureKeyError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

message = 'invalid token signature key ID'
exception iam_python_sdk.errors.NilClaimError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

message = 'claims is nil'
exception iam_python_sdk.errors.NoLocalValidationError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

message = 'local validation is not active, activate by calling StartLocalValidation()'
exception iam_python_sdk.errors.RefreshAccessTokenError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.RoleNotFoundError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

message = 'role not found'
exception iam_python_sdk.errors.StartLocalValidationError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.TokenRevokedError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

message = 'token has been revoked'
exception iam_python_sdk.errors.UnauthorizedError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

message = 'access unauthorized, make sure you have valid client access token using ClientTokenGrant'
exception iam_python_sdk.errors.UserRevokedError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

message = 'user has been revoked'
exception iam_python_sdk.errors.ValidateAccessTokenError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.ValidateAndParseClaimsError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.ValidateAudienceError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.ValidateJWTError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.ValidatePermissionError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.ValidateScopeError(message: str = '') → None[source]

Bases: iam_python_sdk.errors.Error

iam_python_sdk.fastapi module

FastAPI module.

exception iam_python_sdk.fastapi.HTTPError(http_code: int, error_code: int, message: str, description: typing.Union[str, NoneType] = None) → None[source]

Bases: fastapi.exceptions.HTTPException

class iam_python_sdk.fastapi.IAM(app: typing.Union[fastapi.applications.FastAPI, NoneType] = None, config: iam_python_sdk.fastapi.Settings = Settings(iam_base_url='', iam_client_id='', iam_client_secret='', iam_token_locations=['headers', 'cookies'], iam_token_header_name='Authorization', iam_token_header_type='Bearer', iam_token_cookie_name='access_token', iam_token_cookie_path='/', iam_csrf_protection=True, iam_strict_referer=False, iam_allow_subdomain_referer=False, iam_subdomain_validation_enable=False, iam_subdomain_validation_excluded_namespaces=[], iam_cors_enable=False, iam_cors_origin='*', iam_cors_headers='*', iam_cors_methods='*', iam_cors_credentials=True)) → None[source]

Bases: object

IAM FastAPI extensions class.

grant_token() → None[source]

Generate oauth IAM token

Raises:
HTTPError: Unable to grant token
init_app(app: fastapi.applications.FastAPI, config: iam_python_sdk.fastapi.Settings = Settings(iam_base_url='', iam_client_id='', iam_client_secret='', iam_token_locations=['headers', 'cookies'], iam_token_header_name='Authorization', iam_token_header_type='Bearer', iam_token_cookie_name='access_token', iam_token_cookie_path='/', iam_csrf_protection=True, iam_strict_referer=False, iam_allow_subdomain_referer=False, iam_subdomain_validation_enable=False, iam_subdomain_validation_excluded_namespaces=[], iam_cors_enable=False, iam_cors_origin='*', iam_cors_headers='*', iam_cors_methods='*', iam_cors_credentials=True)) → None[source]

Init IAM FastAPI extensions with FastAPI app. Client token grant and local validation will be executed once here, then the background thread will spawn to refresh token, jwks and revocation list.

Args:
app (Flask): Flask app instance config (Settings): Configuration object
Raises:
IAMError: Error if the requirement configs are not set
class iam_python_sdk.fastapi.Settings[source]

Bases: pydantic.env_settings.BaseSettings

IAM settings class.

iam_python_sdk.fastapi.access_token() → typing.Callable[source]

Get access token from request.

Raises:
IAMError: Error IAM init HTTPError: Error if token is not found
Returns:
JWTClaims: JWT claims data
iam_python_sdk.fastapi.permission_required(required_permission: typing.Union[dict, iam_python_sdk.models.Permission], permission_resource: dict = {}, csrf_protect: typing.Union[bool, NoneType] = None) → typing.Callable[source]

Validate permission in the token if it has required permission

Args:
required_permission (Union[dict, Permission]): The required permission permission_resource (dict, optional): The placeholder replacement if any. Defaults to {}. csrf_protect (Union[bool, None], optional): CSRF protect options. Defaults to None.
Raises:
IAMError: Error IAM init HTTPError: Error if JWT claims data is not sufficient to access required permission and resource
Returns:
Callable: _description_
iam_python_sdk.fastapi.token_required(csrf_protect: typing.Union[bool, NoneType] = None) → typing.Callable[source]

Validate token in the FastAPI request. This method support headers and cookies with based token.

Args:
csrf_protect (bool, None): Validate referer for CSRF protection
Raises:
IAMError: Error IAM init HTTPError: Error if token is invalid
Returns:
JWTClaims: JWT claims data
iam_python_sdk.fastapi.validate_referer_header(request: starlette.requests.Request, jwt_claims: iam_python_sdk.models.JWTClaims) → bool[source]

Validate referer header for CSRF protection

Args:
request (Request): FastAPI request object jwt_claims (JWTClaims): JWT Claim data from token
Raises:
IAMError: Error IAM init
Returns:
bool: Is referrer header valid
iam_python_sdk.fastapi.validate_referer_with_subdomain(referer_header: str, client_redirect_uri: str) → bool[source]

Validate referer header that have subdomain.

Args:
referer_header (str): Referer header string client_redirect_uri (str): Client redirect URI string
Returns:
bool: Referer header status
iam_python_sdk.fastapi.validate_subdomain_with_namespace(host: str, namespace: str, excluded_namespaces: typing.List[str]) → bool[source]

Validate subdomain against namespace

Args:
host (str): hostname namespace (str): namespace excluded_namespaces (List[str]): excluded namespace
Returns:
bool: Is subdomain is valid

iam_python_sdk.flask module

Flask module.

exception iam_python_sdk.flask.HTTPError(http_code: int, error_code: int, message: str, description: typing.Union[str, NoneType] = None) → None[source]

Bases: werkzeug.exceptions.HTTPException

class iam_python_sdk.flask.IAM(app: typing.Union[flask.app.Flask, NoneType] = None) → None[source]

Bases: object

IAM Flask extensions class.

get_token_in_request() → tuple[source]

Extract access token from request.

Raises:
HTTPError: Error if token is not found
Returns:
tuple: [0] Access token string, [1] Location of access token
grant_token(app: flask.app.Flask) → iam_python_sdk.client.DefaultClient[source]

Generate oauth IAM token

Args:
app (Flask): Flask app
Raises:
HTTPError: Unable to grant token
Returns:
DefaultClient: IAM SDK default client object
init_app(app: flask.app.Flask) → None[source]

Init IAM flask extensions with Flask app. Client token grant and local validation will be executed once here, then the background thread will spawn to refresh token, jwks and revocation list.

Args:
app (Flask): Flask app instance
Raises:
IAMError: Error if the requirement configs are not set
validate_permission(jwt_claims: iam_python_sdk.models.JWTClaims, required_permission: typing.Union[dict, iam_python_sdk.models.Permission], permission_resource: dict) → bool[source]

Validate permission from JWT claims data.

Args:

jwt_claims (JWTClaims): JWT claims data required_permission (Union[dict, Permission]): Required permission that needed,

can be in dict or Permission format.

permission_resource (dict): Optional permission resource if needed

Raises:
HTTPError: Error if JWT claims data is not sufficient to access required permission and resource
Returns:
bool: Permission status
validate_referer_header(jwt_claims: iam_python_sdk.models.JWTClaims) → bool[source]

Validate referer header for CSRF protection

Args:
jwt_claims (JWTClaims): JWT claims data
Returns:
bool: Is referer header valid or not
validate_referer_with_subdomain(referer_header: str, client_redirect_uri: str) → bool[source]

Validate referer header that have subdomain.

Args:
referer_header (str): Referer header string client_redirect_uri (str): Client redirect URI string
Returns:
bool: Referer header status
validate_token_in_request(validate_referer: bool) → iam_python_sdk.models.JWTClaims[source]

Validate token in the Flask request. This method support headers and cookies with based token.

Args:
validate_referer (bool): Validate referer for CSRF protection
Raises:
HTTPError: Error if token is invalid
Returns:
JWTClaims: JWT claims data
iam_python_sdk.flask.cors_options(headers: dict = {}, preflight_options: bool = True)[source]

Decorator for set the CORS response header. This method will override default app-wide CORS options if it has enabled.

Args:
headers (dict, optional): CORS headers key and value to be added to the response. Defaults to {}.
Returns:
Callable: Wrapped functions.
iam_python_sdk.flask.permission_required(required_permission: dict, permission_resource: dict = {}, csrf_protect: typing.Union[bool, NoneType] = None)[source]

The decorator to protect endpoint using IAM service.

Args:

required_permission (dict): Required permission with format {“resource”: xxx, “action”: n} permission_resource (dict, optional): Optional permission resource if needed with format

{“{xxx}”: “xxx replacement”}. Defaults to {}.
csrf_protect (bool): CSRF protection (Note: CSRF protect is available only on cookie token).
Defaults to IAM_CSRF_PROTECTION config.
Raises:
IAMError: Error IAM init HTTPError: Insufficient permission
Returns:
Callable: Wrapped function
iam_python_sdk.flask.validate_referer_with_subdomain(referer_header: str, client_redirect_uri: str) → bool[source]
iam_python_sdk.flask.validate_subdomain_with_namespace(host: str, namespace: str, excluded_namespaces: typing.List[str]) → bool[source]

Validate subdomain against namespace

Args:
host (str): hostname namespace (str): namespace excluded_namespaces (List[str]): excluded namespace
Returns:
bool: Is subdomain is valid

iam_python_sdk.http_errors module

iam_python_sdk.log module

iam_python_sdk.models module

Model module.

class iam_python_sdk.models.BloomFilterJSON[source]

Bases: iam_python_sdk.models.Model

Bits = [0]
K = 0
M = 0
class iam_python_sdk.models.ClientInformation[source]

Bases: iam_python_sdk.models.Model

Holds client information.

Baseuri = ''
Clientname = ''
Namespace = ''
Redirecturi = ''
class iam_python_sdk.models.JWTBan[source]

Bases: iam_python_sdk.models.Model

Holds information about ban record in JWT.

Ban = ''
Enddate = ''
class iam_python_sdk.models.JWTClaims[source]

Bases: iam_python_sdk.models.Model

Holds data stored in a JWT access token with additional Justice Flags field.

Aud = ['']
Bans = [<iam_python_sdk.models.JWTBan object>]
ClientId = ''
Country = ''
DisplayName = ''
Exp = -1
ExtendNamespace = ''
Iat = -1
Ipf = ''
Ipo = ''
IsComply = False
Iss = ''
Jflgs = -1
Jti = ''
Namespace = ''
NamespaceRoles = [<iam_python_sdk.models.NamespaceRole object>]
Nbf = -1
ParentNamespace = ''
Permissions = [<iam_python_sdk.models.Permission object>]
Roles = ['']
Scope = ''
Sp = ''
Sub = ''
UnionID = ''
UnionNamespace = ''
class iam_python_sdk.models.Model[source]

Bases: object

Base model class.

classmethod loads(data: typing.Any) → typing.Any[source]

Decode data to model

Args:
data (Any): data to decode
Returns:
Any: model object
class iam_python_sdk.models.NamespaceContext[source]

Bases: iam_python_sdk.models.Model

StudioNamespace = ''
Type = ''
class iam_python_sdk.models.NamespaceRole[source]

Bases: iam_python_sdk.models.Model

Hold info about a namespace role.

Namespace = ''
Roleid = ''
class iam_python_sdk.models.Permission[source]

Bases: iam_python_sdk.models.Model

Holds information about the actions can be performed to the resource.

Action = -1
Resource = ''
Schedaction = -1
Schedcron = ''
Schedrange = ['']
is_in_range() → bool[source]
is_recurring() → bool[source]
is_scheduled() → bool[source]
class iam_python_sdk.models.RevocationList[source]

Bases: iam_python_sdk.models.Model

Contains revoked user and token.

RevokedTokens = <iam_python_sdk.models.BloomFilterJSON object>
RevokedUsers = [<iam_python_sdk.models.UserRevocationListRecord object>]
class iam_python_sdk.models.Role[source]

Bases: iam_python_sdk.models.Model

Hold info about a user role.

AdminRole = ''
IsWildcard = ''
Permissions = [<iam_python_sdk.models.Permission object>]
Roleid = ''
Rolename = ''
class iam_python_sdk.models.TokenResponse[source]

Bases: iam_python_sdk.models.Model

Token response class on successful token request.

AcceptedPolicyVersion = ['']
AccessToken = ''
Bans = [<iam_python_sdk.models.JWTBan object>]
DisplayName = ''
ExpiresIn = -1
IsComply = ''
Jflgs = -1
Namespace = ''
NamespaceRoles = [<iam_python_sdk.models.NamespaceRole object>]
Permissions = [<iam_python_sdk.models.Permission object>]
PlatformId = ''
PlatformUserId = ''
RefreshToken = ''
Roles = ['']
TokenType = ''
UserId = ''
class iam_python_sdk.models.UserRevocationListRecord[source]

Bases: iam_python_sdk.models.Model

Used to store revoked user data.

Id = ''
RevokedAt = ''

iam_python_sdk.task module

Task module.

class iam_python_sdk.task.AsyncTask(interval: typing.Union[int, float], function: typing.Callable[..., typing.Any], repeat: bool = True, *args, **kwargs) → None[source]

Bases: object

AsyncTask module for background task.

start() → None[source]

Start the the background task.

status
stop() → None[source]

Stop the background task.

class iam_python_sdk.task.Task(interval: typing.Union[int, float], function: typing.Callable[..., typing.Any], repeat: bool = True, *args, **kwargs) → None[source]

Bases: object

Task module for background task.

start() → None[source]

Start the thread in background(daemon).

status
stop() → None[source]

Stop the background task.

iam_python_sdk.utils module

Utils module.

iam_python_sdk.utils.decode_model(data: typing.Union[str, list, dict], model: object) → typing.Any[source]

Decode model data from response json.

Args:
data (Union[str, list, dict]): A list, a dict or a string of json response. model (object): Model object.
Raises:
ValueError: Data error if none or empty. ValueError: Model error if not an object. ValueError: Data error if not a list, a dict or a string json.
Returns:
object: Model instance with data.
iam_python_sdk.utils.parse_nanotimestamp(s: str) → typing.Union[int, float][source]

Parse datetime string with nanoseconds

Args:
s (str): datetime string
Returns:
datetime: datetime object

Module contents

class iam_python_sdk.NewDefaultClient(config: iam_python_sdk.config.Config) → None[source]

Bases: iam_python_sdk.client.DefaultClient

class iam_python_sdk.NewAsyncClient(config: iam_python_sdk.config.Config) → None[source]

Bases: iam_python_sdk.async_client.AsyncClient

class iam_python_sdk.Config(BaseURL: str = '', BasicBaseURL: str = 'http://justice-basic-service/basic', ClientID: str = '', ClientSecret: str = '', RolesCacheExpirationTime: int = 60, JWKSRefreshInterval: int = 60, RevocationListRefreshInterval: int = 60, Debug: bool = False) → None[source]

Bases: object

Config class.