OIDCProvider¶

class gafaelfawr.providers.oidc.OIDCProvider(*, config, verifier, http_client, logger)¶

Authenticate a user with GitHub.

Parameters:

config (OIDCConfig) – OpenID Connect authentication provider configuration.
verifier (OIDCTokenVerifier) – JWT token verifier for OpenID Connect tokens.
http_client (AsyncClient) – Session to use to make HTTP requests.
logger (BoundLogger) – Logger for any log messages.

Methods Summary

`create_user_info`(code, state, session)	Given the code from a successful authentication, get a token.
`get_redirect_url`(state)	Get the login URL to which to redirect the user.
`logout`(session)	User logout callback.

Methods Documentation

async create_user_info(code, state, session)¶

Given the code from a successful authentication, get a token.

Parameters:

Returns:

The user information corresponding to that authentication.

Return type:

TokenUserInfo

Raises:

FirestoreError – Raised if retrieving or assigning a UID from Firestore failed.
LDAPError – Raised if Gafaelfawr was configured to get user groups, username, or numeric UID from LDAP, but the attempt failed due to some error.
OIDCError – Raised if the OpenID Connect provider responded with an error to a request, the token could not be validated, or the syntax of the resulting token was not valid.
OIDCWebError – An HTTP client error occurred trying to talk to the authentication provider.
PermissionDeniedError – Raised if the username was invalid.

get_redirect_url(state)¶

Get the login URL to which to redirect the user.

async logout(session)¶

User logout callback.

Currently, this does nothing.

Parameters:: session (State) – The session state, which contains the GitHub access token.
Return type:: None