OIDCProvider

class gafaelfawr.providers.oidc.OIDCProvider(*, config, verifier, http_client, logger)

Bases: Provider

Authenticate a user with GitHub.

Parameters:
  • config (OIDCConfig) – OpenID Connect authentication provider configuration.

  • verifier (OIDCTokenVerifier) – JWT token verifier for OpenID Connect tokens.

  • http_client (AsyncClient) – Session to use to make HTTP requests.

  • logger (BoundLogger) – Logger for any log messages.

Methods Summary

create_user_info(code, state, session)

Given the code from a successful authentication, get a token.

get_redirect_url(state)

Get the login URL to which to redirect the user.

logout(session)

User logout callback.

Methods Documentation

async create_user_info(code, state, session)

Given the code from a successful authentication, get a token.

Parameters:
  • code (str) – Code returned by a successful authentication.

  • state (str) – The same random string used for the redirect URL, not used.

  • session (State) – The session state, not used by this provider.

Returns:

The user information corresponding to that authentication.

Return type:

TokenUserInfo

Raises:
  • FirestoreError – Raised if retrieving or assigning a UID from Firestore failed.

  • LDAPError – Raised if Gafaelfawr was configured to get user groups, username, or numeric UID from LDAP, but the attempt failed due to some error.

  • OIDCError – Raised if the OpenID Connect provider responded with an error to a request, the token could not be validated, or the syntax of the resulting token was not valid.

  • OIDCWebError – An HTTP client error occurred trying to talk to the authentication provider.

  • PermissionDeniedError – Raised if the username was invalid.

get_redirect_url(state)

Get the login URL to which to redirect the user.

Parameters:

state (str) – A random string used for CSRF protection.

Returns:

The encoded URL to which to redirect the user.

Return type:

str

async logout(session)

User logout callback.

Currently, this does nothing.

Parameters:

session (State) – The session state, which contains the GitHub access token.

Return type:

None