OIDCProvider

class gafaelfawr.providers.oidc.OIDCProvider(*, config: OIDCConfig, verifier: TokenVerifier, issuer: TokenIssuer, session_store: SessionStore, http_session: ClientSession, logger: BoundLogger)

Bases: gafaelfawr.providers.base.Provider

Authenticate a user with GitHub.

Parameters:

• config (gafaelfawr.config.OIDCConfig) – Configuration for the OpenID Connect authentication provider.
• verifier (gafaelfawr.verify.TokenVerifier) – Token verifier to use to verify the token returned by the provider.
• issuer (gafaelfawr.issuer.TokenIssuer) – Issuer to use to generate new tokens.
• session_store (gafaelfawr.session.SessionStore) – Store for authentication sessions.
• http_session (aiohttp.ClientSession) – Session to use to make HTTP requests.
• logger (structlog.BoundLogger) – Logger for any log messages.

Methods Summary

create_session(code, state)	Given the code from a successful authentication, get a token.
get_redirect_url(state)	Get the login URL to which to redirect the user.

Methods Documentation

create_session(code: str, state: str) → gafaelfawr.session.Session

Given the code from a successful authentication, get a token.

Parameters:

• code (str) – Code returned by a successful authentication.
• state (str) – The same random string used for the redirect URL.

Returns:

session – The new authentication session.

Return type:

gafaelfawr.session.Session

Raises:

• aiohttp.ClientResponseError – An HTTP client error occurred trying to talk to the authentication provider.
• jwt.exceptions.InvalidTokenError – The token returned by the OpenID Connect provider was invalid.
• OIDCException – The OpenID Connect provider responded with an error to a request.

get_redirect_url(state: str) → str

Get the login URL to which to redirect the user.

Parameters:state (str) – A random string used for CSRF protection. Returns:url – The encoded URL to which to redirect the user. Return type:str