Warning: This document is for the development version of iam-python-sdk. The latest version is 1.4.1.

iam_python_sdk package

Submodules

iam_python_sdk.async_client module

IAM Python SDK async client module.

class iam_python_sdk.async_client.AsyncClient(config: iam_python_sdk.config.Config, rolePermissionCache: iam_python_sdk.cache.Cache, clientInfoCache: iam_python_sdk.cache.Cache, httpClient: iam_python_sdk.async_client.HttpClient) → None

Bases: object

Async Client class.

ClientToken() → str

Returns client access token

Returns:

str: token

ClientTokenGrant() → None

Starts client token grant to get client bearer token for role caching

Raises:

ClientTokenGrantError: exception response format error ClientTokenGrantError: exceptions http request error

GetClientInformation(namespace: str, clientID: str) → typing.Union[iam_python_sdk.models.ClientInformation, NoneType]

Gets IAM client information, it will look into cache first, if not found then fetch it to IAM.

Args:

namespace (str): namespace clientID (str): client ID

Returns:

Union[ClientInformation, None]: client information or None

GetRolePermissions(roleID: str) → typing.List[iam_python_sdk.models.Permission]

Get permssions of a role

Args:

roleID (str): role id

Raises:

GetRolePermissionError: exception failed to refresh token GetRolePermissionError: exception response format error GetRolePermissionError: exceptions http request error

Returns:

Union[List[Permission], None]: list of permissions or None

HasBan(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType], banType: str) → bool

Validates if certain ban exist

Args:

claims (JWTClaims): JWT claims banType (str): ban type

Returns:

bool: ban status

HealthCheck() → bool

Lets caller know the health of the IAM client

Returns:

bool: health status

StartLocalValidation() → None

Starts thread to refresh JWK and revocation list periodically this enables local token validation

UserAnonymousStatus(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → bool

Gets user anonymous status on access token

Args:

claims (JWTClaims): JWT claims

Returns:

bool: user anonymous status

UserEmailVerificationStatus(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → bool

Gets user email verification status on access token

Args:

claims (JWTClaims): JWT claims

Returns:

bool: user email verification status

UserPhoneVerificationStatus(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → bool

Gets user phone verification status on access token

Args:

claims (JWTClaims): JWT claims

Returns:

bool: user phone verification status

ValidateAccessToken(accessToken: str) → bool

Validates access token by calling IAM service

Args:

accessToken (str): access token

Raises:

ValidateAccessTokenError: exception failed to refresh token ValidateAccessTokenError: exceptions http request error

Returns:

bool: access token validity status

ValidateAndParseClaims(accessToken: str) → typing.Union[iam_python_sdk.models.JWTClaims, NoneType]

Validates access token locally and returns the JWT claims contained in the token

Args:

accessToken (str): access token

Returns:

Union[JWTClaims, None]: JWT claims or None

ValidateAudience(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → None

Validate audience of user access token

Args:

claims (JWTClaims): JWT claims

ValidatePermission(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType], requiredPermission: iam_python_sdk.models.Permission, permissionResources: typing.Dict[str, str]) → bool

Validates if an access token has right for a specific permission

Args:

claims (JWTClaims): JWT claims requiredPermission (Permission): permission to access resource, example: {Resource: “NAMESPACE:{namespace}:USER:{userId}”, Action: 2} permissionResources (Dict[str, str]): resource string to replace the {} placeholder in requiredPermission, example: p[“{namespace}”] = “accelbyte”

Returns:

bool: permission status

ValidateRole(requiredRoleID: str, claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → bool

Validates if an access token has a specific role

Args:

requiredRoleID (str): role ID that required claims (JWTClaims): JWT claims

Returns:

bool: role validity status

ValidateScope(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType], reqScope: str) → None

Validate scope of user access token

Args:

claims (JWTClaims): JWT claims reqScope (str): required role scope

class iam_python_sdk.async_client.HttpClient → None

Bases: object

HttpClient class to do http request.

close() → None

get(*args, **kwargs) → httpx.Response

post(*args, **kwargs) → httpx.Response

request(method: str = 'GET', *args, **kwargs) → httpx.Response

class iam_python_sdk.async_client.NewAsyncClient(config: iam_python_sdk.config.Config) → None

Bases: iam_python_sdk.async_client.AsyncClient

iam_python_sdk.async_client.backoff_giveup_handler(backoff) → None

iam_python_sdk.bloom module

Bloom filter module.

class iam_python_sdk.bloom.BloomFilter → None

Bases: object

Bloom Filer class.

contains(item: str) → bool

Check of item is in a BloomFilter

Args:

item (str): String of item

Returns:

bool: Status of item in a BloomFilter

insert(item: str) → None

loads(bits: list, k: int, m: int)

Loads bitarray from bitset go format

Args:

bits (list): List of unpacked bits struct k (int): Hash number m (int): Number of bits

iam_python_sdk.cache module

Cache module.

class iam_python_sdk.cache.Cache(ttl: int = None, load_func: typing.Callable = None, *args, **kwargs) → None

Bases: collections.OrderedDict

Cache class that implement OrderedDict with thread safe feature.

Args:

OrderedDict ([type]): dict subclass that remembers the order entries were added.

get(key: AnyStr, default=None) → typing.Any

Get cache value by key.

Args:

key (AnyStr): cache key default (Any, optional): Default value if cache key is not found. Defaults to None.

Returns:

Any: cache value

is_expired(key: AnyStr, when: int = None) → bool

Check if cache key is expired.

Args:

key (AnyStr): cache key when (int, optional): added time if needed. Defaults to None.

Returns:

bool: expired status

set(key: AnyStr, value: typing.Any, ttl: int = None) → None

Set cache value

Args:

key (AnyStr): cache key value (Any): cache value ttl (int, optional): time to live in seconds. Defaults to None.

iam_python_sdk.cli module

Console script for iam_python_sdk.

iam_python_sdk.client module

IAM Python SDK client module.

class iam_python_sdk.client.DefaultClient(config: iam_python_sdk.config.Config, rolePermissionCache: iam_python_sdk.cache.Cache, clientInfoCache: iam_python_sdk.cache.Cache, httpClient: iam_python_sdk.client.HttpClient) → None

Bases: object

Default Client class.

ClientToken() → str

Returns client access token

Returns:

str: token

ClientTokenGrant() → None

Starts client token grant to get client bearer token for role caching

Raises:

ClientTokenGrantError: exception response format error ClientTokenGrantError: exceptions http request error

DelegateToken(extendNamespace: str)

Returns delegated client access token

Returns:

str: token

GetClientInformation(namespace: str, clientID: str) → typing.Union[iam_python_sdk.models.ClientInformation, NoneType]

Gets IAM client information, it will look into cache first, if not found then fetch it to IAM.

Args:

namespace (str): namespace clientID (str): client ID

Returns:

Union[ClientInformation, None]: client information or None

GetRolePermissions(roleID: str) → typing.List[iam_python_sdk.models.Permission]

Get permssions of a role

Args:

roleID (str): role id

Raises:

GetRolePermissionError: exception failed to refresh token GetRolePermissionError: exception response format error GetRolePermissionError: exceptions http request error

Returns:

Union[List[Permission], None]: list of permissions or None

HasBan(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType], banType: str) → bool

Validates if certain ban exist

Args:

claims (JWTClaims): JWT claims banType (str): ban type

Returns:

bool: ban status

HealthCheck() → bool

Lets caller know the health of the IAM client

Returns:

bool: health status

StartLocalValidation() → None

Starts thread to refresh JWK and revocation list periodically this enables local token validation

UserAnonymousStatus(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → bool

Gets user anonymous status on access token

Args:

claims (JWTClaims): JWT claims

Returns:

bool: user anonymous status

UserEmailVerificationStatus(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → bool

Gets user email verification status on access token

Args:

claims (JWTClaims): JWT claims

Returns:

bool: user email verification status

UserPhoneVerificationStatus(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → bool

Gets user phone verification status on access token

Args:

claims (JWTClaims): JWT claims

Returns:

bool: user phone verification status

ValidateAccessToken(accessToken: str) → bool

Validates access token by calling IAM service

Args:

accessToken (str): access token

Raises:

ValidateAccessTokenError: exception failed to refresh token ValidateAccessTokenError: exceptions http request error

Returns:

bool: access token validity status

ValidateAndParseClaims(accessToken: str) → typing.Union[iam_python_sdk.models.JWTClaims, NoneType]

Validates access token locally and returns the JWT claims contained in the token

Args:

accessToken (str): access token

Returns:

Union[JWTClaims, None]: JWT claims or None

ValidateAudience(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → None

Validate audience of user access token

Args:

claims (JWTClaims): JWT claims

ValidatePermission(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType], requiredPermission: iam_python_sdk.models.Permission, permissionResources: typing.Dict[str, str]) → bool

Validates if an access token has right for a specific permission

Args:

claims (JWTClaims): JWT claims requiredPermission (Permission): permission to access resource, example: {Resource: “NAMESPACE:{namespace}:USER:{userId}”, Action: 2} permissionResources (Dict[str, str]): resource string to replace the {} placeholder in requiredPermission, example: p[“{namespace}”] = “accelbyte”

Returns:

bool: permission status

ValidateRole(requiredRoleID: str, claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType]) → bool

Validates if an access token has a specific role

Args:

requiredRoleID (str): role ID that required claims (JWTClaims): JWT claims

Returns:

bool: role validity status

ValidateScope(claims: typing.Union[iam_python_sdk.models.JWTClaims, NoneType], reqScope: str) → None

Validate scope of user access token

Args:

claims (JWTClaims): JWT claims reqScope (str): required role scope

class iam_python_sdk.client.HttpClient → None

Bases: object

HttpClient class to do http request.

close() → None

get(*args, **kwargs) → httpx.Response

post(*args, **kwargs) → httpx.Response

request(method: str = 'GET', *args, **kwargs) → httpx.Response

class iam_python_sdk.client.NewDefaultClient(config: iam_python_sdk.config.Config) → None

Bases: iam_python_sdk.client.DefaultClient

iam_python_sdk.client.backoff_giveup_handler(backoff) → None

iam_python_sdk.config module

Config module.

class iam_python_sdk.config.Config(BaseURL: str = '', BasicBaseURL: str = 'http://justice-basic-service/basic', ClientID: str = '', ClientSecret: str = '', RolesCacheExpirationTime: int = 60, JWKSRefreshInterval: int = 60, RevocationListRefreshInterval: int = 60, Debug: bool = False) → None

Bases: object

Config class.

iam_python_sdk.errors module

Error module.

exception iam_python_sdk.errors.ClientDelegateTokenGrantError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.ClientTokenGrantError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.EmptyTokenError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

message = 'token is empty'

exception iam_python_sdk.errors.Error(message: str = '') → None

Bases: Exception

Base error class.

exception iam_python_sdk.errors.ForbiddenError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

message = 'access forbidden, make sure you have client creds that has sufficient permission'

exception iam_python_sdk.errors.GetClientInformationError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.GetJWKSError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.GetNamespaceContextError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.GetRevocationListError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.GetRolePermissionError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.HTTPClientError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.InvalidAudError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

message = "audience doesn't match the client's base uri. access denied"

exception iam_python_sdk.errors.InvalidScopeError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

message = 'insufficient scope'

exception iam_python_sdk.errors.InvalidTokenSignatureKeyError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

message = 'invalid token signature key ID'

exception iam_python_sdk.errors.NilClaimError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

message = 'claims is nil'

exception iam_python_sdk.errors.NoLocalValidationError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

message = 'local validation is not active, activate by calling StartLocalValidation()'

exception iam_python_sdk.errors.RefreshAccessTokenError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.RoleNotFoundError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

message = 'role not found'

exception iam_python_sdk.errors.StartLocalValidationError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.TokenRevokedError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

message = 'token has been revoked'

exception iam_python_sdk.errors.UnauthorizedError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

message = 'access unauthorized, make sure you have valid client access token using ClientTokenGrant'

exception iam_python_sdk.errors.UserRevokedError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

message = 'user has been revoked'

exception iam_python_sdk.errors.ValidateAccessTokenError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.ValidateAndParseClaimsError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.ValidateAudienceError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.ValidateJWTError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.ValidatePermissionError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

exception iam_python_sdk.errors.ValidateScopeError(message: str = '') → None

Bases: iam_python_sdk.errors.Error

iam_python_sdk.fastapi module

FastAPI module.

exception iam_python_sdk.fastapi.HTTPError(http_code: int, error_code: int, message: str, description: typing.Union[str, NoneType] = None) → None

Bases: fastapi.exceptions.HTTPException

class iam_python_sdk.fastapi.IAM(app: typing.Union[fastapi.applications.FastAPI, NoneType] = None, config: iam_python_sdk.fastapi.Settings = Settings(iam_base_url='', iam_client_id='', iam_client_secret='', iam_token_locations=['headers', 'cookies'], iam_token_header_name='Authorization', iam_token_header_type='Bearer', iam_token_cookie_name='access_token', iam_token_cookie_path='/', iam_csrf_protection=True, iam_strict_referer=False, iam_allow_subdomain_referer=False, iam_subdomain_validation_enable=False, iam_subdomain_validation_excluded_namespaces=[], iam_cors_enable=False, iam_cors_origin='*', iam_cors_headers='*', iam_cors_methods='*', iam_cors_credentials=True)) → None

Bases: object

IAM FastAPI extensions class.

grant_token() → None

Generate oauth IAM token

Raises:

HTTPError: Unable to grant token

init_app(app: fastapi.applications.FastAPI, config: iam_python_sdk.fastapi.Settings = Settings(iam_base_url='', iam_client_id='', iam_client_secret='', iam_token_locations=['headers', 'cookies'], iam_token_header_name='Authorization', iam_token_header_type='Bearer', iam_token_cookie_name='access_token', iam_token_cookie_path='/', iam_csrf_protection=True, iam_strict_referer=False, iam_allow_subdomain_referer=False, iam_subdomain_validation_enable=False, iam_subdomain_validation_excluded_namespaces=[], iam_cors_enable=False, iam_cors_origin='*', iam_cors_headers='*', iam_cors_methods='*', iam_cors_credentials=True)) → None

Init IAM FastAPI extensions with FastAPI app. Client token grant and local validation will be executed once here, then the background thread will spawn to refresh token, jwks and revocation list.

Args:

app (Flask): Flask app instance config (Settings): Configuration object

Raises:

IAMError: Error if the requirement configs are not set

class iam_python_sdk.fastapi.Settings

Bases: pydantic.env_settings.BaseSettings

IAM settings class.

iam_python_sdk.fastapi.access_token() → typing.Callable

Get access token from request.

Raises:

IAMError: Error IAM init HTTPError: Error if token is not found

Returns:

JWTClaims: JWT claims data

iam_python_sdk.fastapi.permission_required(required_permission: typing.Union[dict, iam_python_sdk.models.Permission], permission_resource: dict = {}, csrf_protect: typing.Union[bool, NoneType] = None) → typing.Callable

Validate permission in the token if it has required permission

Args:

required_permission (Union[dict, Permission]): The required permission permission_resource (dict, optional): The placeholder replacement if any. Defaults to {}. csrf_protect (Union[bool, None], optional): CSRF protect options. Defaults to None.

Raises:

IAMError: Error IAM init HTTPError: Error if JWT claims data is not sufficient to access required permission and resource

Returns:

Callable: _description_

iam_python_sdk.fastapi.token_required(csrf_protect: typing.Union[bool, NoneType] = None) → typing.Callable

Validate token in the FastAPI request. This method support headers and cookies with based token.

Args:

csrf_protect (bool, None): Validate referer for CSRF protection

Raises:

IAMError: Error IAM init HTTPError: Error if token is invalid

Returns:

JWTClaims: JWT claims data

iam_python_sdk.fastapi.validate_referer_header(request: starlette.requests.Request, jwt_claims: iam_python_sdk.models.JWTClaims) → bool

Validate referer header for CSRF protection

Args:

request (Request): FastAPI request object jwt_claims (JWTClaims): JWT Claim data from token

Raises:

IAMError: Error IAM init

Returns:

bool: Is referrer header valid

iam_python_sdk.fastapi.validate_referer_with_subdomain(referer_header: str, client_redirect_uri: str) → bool

Validate referer header that have subdomain.

Args:

referer_header (str): Referer header string client_redirect_uri (str): Client redirect URI string

Returns:

bool: Referer header status

iam_python_sdk.fastapi.validate_subdomain_with_namespace(host: str, namespace: str, excluded_namespaces: typing.List[str]) → bool

Validate subdomain against namespace

Args:

host (str): hostname namespace (str): namespace excluded_namespaces (List[str]): excluded namespace

Returns:

bool: Is subdomain is valid

iam_python_sdk.flask module

Flask module.

exception iam_python_sdk.flask.HTTPError(http_code: int, error_code: int, message: str, description: typing.Union[str, NoneType] = None) → None

Bases: werkzeug.exceptions.HTTPException

class iam_python_sdk.flask.IAM(app: typing.Union[flask.app.Flask, NoneType] = None) → None

Bases: object

IAM Flask extensions class.

get_token_in_request() → tuple

Extract access token from request.

Raises:

HTTPError: Error if token is not found

Returns:

tuple: [0] Access token string, [1] Location of access token

grant_token(app: flask.app.Flask) → iam_python_sdk.client.DefaultClient

Generate oauth IAM token

Args:

app (Flask): Flask app

Raises:

HTTPError: Unable to grant token

Returns:

DefaultClient: IAM SDK default client object

init_app(app: flask.app.Flask) → None

Init IAM flask extensions with Flask app. Client token grant and local validation will be executed once here, then the background thread will spawn to refresh token, jwks and revocation list.

Args:

app (Flask): Flask app instance

Raises:

IAMError: Error if the requirement configs are not set

validate_permission(jwt_claims: iam_python_sdk.models.JWTClaims, required_permission: typing.Union[dict, iam_python_sdk.models.Permission], permission_resource: dict) → bool

Validate permission from JWT claims data.

Args:

jwt_claims (JWTClaims): JWT claims data required_permission (Union[dict, Permission]): Required permission that needed,

can be in dict or Permission format.

permission_resource (dict): Optional permission resource if needed

Raises:

HTTPError: Error if JWT claims data is not sufficient to access required permission and resource

Returns:

bool: Permission status

validate_referer_header(jwt_claims: iam_python_sdk.models.JWTClaims) → bool

Validate referer header for CSRF protection

Args:

jwt_claims (JWTClaims): JWT claims data

Returns:

bool: Is referer header valid or not

validate_referer_with_subdomain(referer_header: str, client_redirect_uri: str) → bool

Validate referer header that have subdomain.

Args:

referer_header (str): Referer header string client_redirect_uri (str): Client redirect URI string

Returns:

bool: Referer header status

validate_token_in_request(validate_referer: bool) → iam_python_sdk.models.JWTClaims

Validate token in the Flask request. This method support headers and cookies with based token.

Args:

validate_referer (bool): Validate referer for CSRF protection

Raises:

HTTPError: Error if token is invalid

Returns:

JWTClaims: JWT claims data

iam_python_sdk.flask.cors_options(headers: dict = {}, preflight_options: bool = True)

Decorator for set the CORS response header. This method will override default app-wide CORS options if it has enabled.

Args:

headers (dict, optional): CORS headers key and value to be added to the response. Defaults to {}.

Returns:

Callable: Wrapped functions.

iam_python_sdk.flask.permission_required(required_permission: dict, permission_resource: dict = {}, csrf_protect: typing.Union[bool, NoneType] = None)

The decorator to protect endpoint using IAM service.

Args:

required_permission (dict): Required permission with format {“resource”: xxx, “action”: n} permission_resource (dict, optional): Optional permission resource if needed with format

{“{xxx}”: “xxx replacement”}. Defaults to {}.

csrf_protect (bool): CSRF protection (Note: CSRF protect is available only on cookie token).

Defaults to IAM_CSRF_PROTECTION config.

Raises:

IAMError: Error IAM init HTTPError: Insufficient permission

Returns:

Callable: Wrapped function

iam_python_sdk.flask.validate_referer_with_subdomain(referer_header: str, client_redirect_uri: str) → bool

iam_python_sdk.flask.validate_subdomain_with_namespace(host: str, namespace: str, excluded_namespaces: typing.List[str]) → bool

Validate subdomain against namespace

Args:

host (str): hostname namespace (str): namespace excluded_namespaces (List[str]): excluded namespace

Returns:

bool: Is subdomain is valid

iam_python_sdk.http_errors module

iam_python_sdk.log module

iam_python_sdk.models module

Model module.

class iam_python_sdk.models.BloomFilterJSON

Bases: iam_python_sdk.models.Model

Bits = [0]

K = 0

M = 0

class iam_python_sdk.models.ClientInformation

Bases: iam_python_sdk.models.Model

Holds client information.

Baseuri = ''

Clientname = ''

Namespace = ''

Redirecturi = ''

class iam_python_sdk.models.JWTBan

Bases: iam_python_sdk.models.Model

Holds information about ban record in JWT.

Ban = ''

Enddate = ''

class iam_python_sdk.models.JWTClaims

Bases: iam_python_sdk.models.Model

Holds data stored in a JWT access token with additional Justice Flags field.

Aud = ['']

Bans = [<iam_python_sdk.models.JWTBan object>]

ClientId = ''

Country = ''

DisplayName = ''

Exp = -1

ExtendNamespace = ''

Iat = -1

Ipf = ''

Ipo = ''

IsComply = False

Iss = ''

Jflgs = -1

Jti = ''

Namespace = ''

NamespaceRoles = [<iam_python_sdk.models.NamespaceRole object>]

Nbf = -1

ParentNamespace = ''

Permissions = [<iam_python_sdk.models.Permission object>]

Roles = ['']

Scope = ''

Sp = ''

Sub = ''

UnionID = ''

UnionNamespace = ''

class iam_python_sdk.models.Model

Bases: object

Base model class.

classmethod loads(data: typing.Any) → typing.Any

Decode data to model

Args:

data (Any): data to decode

Returns:

Any: model object

class iam_python_sdk.models.NamespaceContext

Bases: iam_python_sdk.models.Model

StudioNamespace = ''

Type = ''

class iam_python_sdk.models.NamespaceRole

Bases: iam_python_sdk.models.Model

Hold info about a namespace role.

Namespace = ''

Roleid = ''

class iam_python_sdk.models.Permission

Bases: iam_python_sdk.models.Model

Holds information about the actions can be performed to the resource.

Action = -1

Resource = ''

Schedaction = -1

Schedcron = ''

Schedrange = ['']

is_in_range() → bool

is_recurring() → bool

is_scheduled() → bool

class iam_python_sdk.models.RevocationList

Bases: iam_python_sdk.models.Model

Contains revoked user and token.

RevokedTokens = <iam_python_sdk.models.BloomFilterJSON object>

RevokedUsers = [<iam_python_sdk.models.UserRevocationListRecord object>]

class iam_python_sdk.models.Role

Bases: iam_python_sdk.models.Model

Hold info about a user role.

AdminRole = ''

IsWildcard = ''

Permissions = [<iam_python_sdk.models.Permission object>]

Roleid = ''

Rolename = ''

class iam_python_sdk.models.TokenResponse

Bases: iam_python_sdk.models.Model

Token response class on successful token request.

AcceptedPolicyVersion = ['']

AccessToken = ''

Bans = [<iam_python_sdk.models.JWTBan object>]

DisplayName = ''

ExpiresIn = -1

IsComply = ''

Jflgs = -1

Namespace = ''

NamespaceRoles = [<iam_python_sdk.models.NamespaceRole object>]

Permissions = [<iam_python_sdk.models.Permission object>]

PlatformId = ''

PlatformUserId = ''

RefreshToken = ''

Roles = ['']

TokenType = ''

UserId = ''

class iam_python_sdk.models.UserRevocationListRecord

Bases: iam_python_sdk.models.Model

Used to store revoked user data.

Id = ''

RevokedAt = ''

iam_python_sdk.task module

Task module.

class iam_python_sdk.task.AsyncTask(interval: typing.Union[int, float], function: typing.Callable[..., typing.Any], repeat: bool = True, *args, **kwargs) → None

Bases: object

AsyncTask module for background task.

start() → None

Start the the background task.

status

stop() → None

Stop the background task.

class iam_python_sdk.task.Task(interval: typing.Union[int, float], function: typing.Callable[..., typing.Any], repeat: bool = True, *args, **kwargs) → None

Bases: object

Task module for background task.

start() → None

Start the thread in background(daemon).

status

stop() → None

Stop the background task.

iam_python_sdk.utils module

Utils module.

iam_python_sdk.utils.decode_model(data: typing.Union[str, list, dict], model: object) → typing.Any

Decode model data from response json.

Args:

data (Union[str, list, dict]): A list, a dict or a string of json response. model (object): Model object.

Raises:

ValueError: Data error if none or empty. ValueError: Model error if not an object. ValueError: Data error if not a list, a dict or a string json.

Returns:

object: Model instance with data.

iam_python_sdk.utils.parse_nanotimestamp(s: str) → typing.Union[int, float]

Parse datetime string with nanoseconds

Args:

s (str): datetime string

Returns:

datetime: datetime object

Module contents

class iam_python_sdk.NewDefaultClient(config: iam_python_sdk.config.Config) → None

Bases: iam_python_sdk.client.DefaultClient

class iam_python_sdk.NewAsyncClient(config: iam_python_sdk.config.Config) → None

Bases: iam_python_sdk.async_client.AsyncClient

class iam_python_sdk.Config(BaseURL: str = '', BasicBaseURL: str = 'http://justice-basic-service/basic', ClientID: str = '', ClientSecret: str = '', RolesCacheExpirationTime: int = 60, JWKSRefreshInterval: int = 60, RevocationListRefreshInterval: int = 60, Debug: bool = False) → None

Bases: object

Config class.