daklib.rpc_auth¶
Authentication and authorization for the DAK RPC server.
Functions
|
|
|
|
|
Get the current authentication and verify it has at least one of the given scopes, or abort with PERMISSION_DENIED. |
|
Get the current authentication or abort with UNAUTHENTICATED. |
|
Get the current authentication and verify it has the given scope, or abort with PERMISSION_DENIED. |
Classes
|
|
|
gRPC interceptor for authentication |
|
|
|
- class daklib.rpc_auth.AuthResult(sub: str, scopes: frozenset[str])[source]¶
- has_any_scope(scopes: Collection[str]) bool[source]¶
- class daklib.rpc_auth.AuthenticationInterceptor(token_auth: TokenAuth)[source]¶
gRPC interceptor for authentication
- _abc_impl = <_abc._abc_data object>¶
- intercept_service(continuation: Callable[[grpc.HandlerCallDetails], grpc.RpcMethodHandler[_Request, _Response] | None], handler_call_details: HandlerCallDetails) grpc.RpcMethodHandler[_Request, _Response] | None[source]¶
Intercepts incoming RPCs before handing them over to a handler.
- Args:
- continuation: A function that takes a HandlerCallDetails and
proceeds to invoke the next interceptor in the chain, if any, or the RPC handler lookup logic, with the call details passed as an argument, and returns an RpcMethodHandler instance if the RPC is considered serviced, or None otherwise.
handler_call_details: A HandlerCallDetails describing the RPC.
- Returns:
An RpcMethodHandler with which the RPC may be serviced if the interceptor chooses to service this RPC, or None otherwise.
- class daklib.rpc_auth.Token(hash: str, sub: str, scopes: frozenset[str], active: bool, exp: datetime.date | None)[source]¶
- class daklib.rpc_auth.TokenAuth(tokens: dict[str, Token])[source]¶
- authenticate(token: str) AuthResult | None[source]¶
- daklib.rpc_auth.require_any_scope(context: ServicerContext, scopes: Collection[str]) AuthResult[source]¶
Get the current authentication and verify it has at least one of the given scopes, or abort with PERMISSION_DENIED.
- daklib.rpc_auth.require_auth(context: ServicerContext) AuthResult[source]¶
Get the current authentication or abort with UNAUTHENTICATED.
- daklib.rpc_auth.require_scope(context: ServicerContext, scope: str) AuthResult[source]¶
Get the current authentication and verify it has the given scope, or abort with PERMISSION_DENIED.