OIDCServerConfig¶

class gafaelfawr.config.OIDCServerConfig(issuer, key_id, keypair, lifetime, clients, data_rights_mapping)¶

Bases: object

Configuration for the OpenID Connect server.

Parameters:

issuer (str)
key_id (str)
keypair (RSAKeyPair)
lifetime (timedelta)
clients (tuple[OIDCClient, ...])
data_rights_mapping (Mapping[str, frozenset[str]])

Attributes Summary

`clients`	Supported OpenID Connect clients.
`data_rights_mapping`	Mapping of group names to keywords for data releases.
`issuer`	iss (issuer) field in issued tokens.
`key_id`	kid (key ID) header field in issued tokens.
`keypair`	RSA key pair for signing and verifying issued tokens.
`lifetime`	Lifetime of issued tokens.

Attributes Documentation

clients: tuple[OIDCClient, ...]¶: Supported OpenID Connect clients.

data_rights_mapping: Mapping[str, frozenset[str]]¶

Mapping of group names to keywords for data releases.

Indicates that membership in the given group grants access to that set of data releases. Used to construct the data_rights claim, which can be requested by asking for the rubin scope.

issuer: str¶: iss (issuer) field in issued tokens.

key_id: str¶: kid (key ID) header field in issued tokens.

keypair: RSAKeyPair¶: RSA key pair for signing and verifying issued tokens.

lifetime: timedelta¶: Lifetime of issued tokens.