keystone.api.auth module

class keystone.api.auth.AuthAPI(blueprint_url_prefix='', api_url_prefix='', default_mediatype='application/json', decorators=None, errors=None)[source]

Bases: keystone.server.flask.common.APIBase

resource_mapping = [resource_map(resource=<class 'keystone.api.auth.AuthProjectsResource'>, url='/auth/projects', alternate_urls=[{'url': '/OS-FEDERATION/projects', 'json_home': json_home_data(rel='https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/rel/projects', status='stable', path_vars={})}], kwargs={}, json_home_data=json_home_data(rel='https://docs.openstack.org/api/openstack-identity/3/rel/auth_projects', status='stable', path_vars={})), resource_map(resource=<class 'keystone.api.auth.AuthDomainsResource'>, url='/auth/domains', alternate_urls=[{'url': '/OS-FEDERATION/domains', 'json_home': json_home_data(rel='https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/rel/domains', status='stable', path_vars={})}], kwargs={}, json_home_data=json_home_data(rel='https://docs.openstack.org/api/openstack-identity/3/rel/auth_domains', status='stable', path_vars={})), resource_map(resource=<class 'keystone.api.auth.AuthSystemResource'>, url='/auth/system', alternate_urls=None, kwargs={}, json_home_data=json_home_data(rel='https://docs.openstack.org/api/openstack-identity/3/rel/auth_system', status='stable', path_vars={})), resource_map(resource=<class 'keystone.api.auth.AuthCatalogResource'>, url='/auth/catalog', alternate_urls=None, kwargs={}, json_home_data=json_home_data(rel='https://docs.openstack.org/api/openstack-identity/3/rel/auth_catalog', status='stable', path_vars={})), resource_map(resource=<class 'keystone.api.auth.AuthTokenOSPKIResource'>, url='/auth/tokens/OS-PKI/revoked', alternate_urls=None, kwargs={}, json_home_data=json_home_data(rel='https://docs.openstack.org/api/openstack-identity/3/ext/OS-PKI/1.0/rel/revocations', status='stable', path_vars={})), resource_map(resource=<class 'keystone.api.auth.AuthTokenResource'>, url='/auth/tokens', alternate_urls=None, kwargs={}, json_home_data=json_home_data(rel='https://docs.openstack.org/api/openstack-identity/3/rel/auth_tokens', status='stable', path_vars={}))]
resources = []
class keystone.api.auth.AuthCatalogResource[source]

Bases: keystone.api.auth._AuthFederationWebSSOBase

get()[source]

Get service catalog for token.

GET/HEAD /v3/auth/catalog

methods: t.ClassVar[t.Optional[t.Collection[str]]] = {'GET'}

The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

class keystone.api.auth.AuthDomainsResource[source]

Bases: keystone.server.flask.common.ResourceBase

collection_key = 'domains'
get()[source]

Get possible domain scopes for token.

GET/HEAD /v3/auth/domains GET/HEAD /v3/OS-FEDERATION/domains

member_key = 'domain'
methods: t.ClassVar[t.Optional[t.Collection[str]]] = {'GET'}

The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

class keystone.api.auth.AuthFederationAPI(blueprint_url_prefix='', api_url_prefix='', default_mediatype='application/json', decorators=None, errors=None)[source]

Bases: keystone.server.flask.common.APIBase

resource_mapping = [resource_map(resource=<class 'keystone.api.auth.AuthFederationSaml2Resource'>, url='/auth/OS-FEDERATION/saml2', alternate_urls=None, kwargs={}, json_home_data=json_home_data(rel='https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/rel/saml2', status='stable', path_vars={})), resource_map(resource=<class 'keystone.api.auth.AuthFederationSaml2ECPResource'>, url='/auth/OS-FEDERATION/saml2/ecp', alternate_urls=None, kwargs={}, json_home_data=json_home_data(rel='https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/rel/ecp', status='stable', path_vars={})), resource_map(resource=<class 'keystone.api.auth.AuthFederationWebSSOResource'>, url='/auth/OS-FEDERATION/websso/<string:protocol_id>', alternate_urls=None, kwargs={}, json_home_data=json_home_data(rel='https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/rel/websso', status='stable', path_vars={'protocol_id': 'https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/param/protocol_id'})), resource_map(resource=<class 'keystone.api.auth.AuthFederationWebSSOIDPsResource'>, url='/auth/OS-FEDERATION/identity_providers/<string:idp_id>/protocols/<string:protocol_id>/websso', alternate_urls=None, kwargs={}, json_home_data=json_home_data(rel='https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/rel/identity_providers_websso', status='stable', path_vars={'idp_id': 'https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/param/idp_id', 'protocol_id': 'https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/param/protocol_id'}))]
resources = []
class keystone.api.auth.AuthFederationSaml2ECPResource[source]

Bases: keystone.api.auth._AuthFederationWebSSOBase

get()[source]
methods: t.ClassVar[t.Optional[t.Collection[str]]] = {'GET', 'POST'}

The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

post()[source]

Exchange a scoped token for an ECP assertion.

POST /v3/auth/OS-FEDERATION/saml2/ecp

class keystone.api.auth.AuthFederationSaml2Resource[source]

Bases: keystone.api.auth._AuthFederationWebSSOBase

get()[source]
methods: t.ClassVar[t.Optional[t.Collection[str]]] = {'GET', 'POST'}

The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

post()[source]

Exchange a scoped token for a SAML assertion.

POST /v3/auth/OS-FEDERATION/saml2

class keystone.api.auth.AuthFederationWebSSOIDPsResource[source]

Bases: keystone.api.auth._AuthFederationWebSSOBase

get(idp_id, protocol_id)[source]
methods: t.ClassVar[t.Optional[t.Collection[str]]] = {'GET', 'POST'}

The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

post(idp_id, protocol_id)[source]
class keystone.api.auth.AuthFederationWebSSOResource[source]

Bases: keystone.api.auth._AuthFederationWebSSOBase

get(protocol_id)[source]
methods: t.ClassVar[t.Optional[t.Collection[str]]] = {'GET', 'POST'}

The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

post(protocol_id)[source]
class keystone.api.auth.AuthProjectsResource[source]

Bases: keystone.server.flask.common.ResourceBase

collection_key = 'projects'
get()[source]

Get possible project scopes for token.

GET/HEAD /v3/auth/projects GET/HEAD /v3/OS-FEDERATION/projects

member_key = 'project'
methods: t.ClassVar[t.Optional[t.Collection[str]]] = {'GET'}

The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

class keystone.api.auth.AuthSystemResource[source]

Bases: keystone.api.auth._AuthFederationWebSSOBase

get()[source]

Get possible system scopes for token.

GET/HEAD /v3/auth/system

methods: t.ClassVar[t.Optional[t.Collection[str]]] = {'GET'}

The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

class keystone.api.auth.AuthTokenOSPKIResource[source]

Bases: flask_restful.Resource

get()[source]

Deprecated; get revoked token list.

GET/HEAD /v3/auth/tokens/OS-PKI/revoked

methods: t.ClassVar[t.Optional[t.Collection[str]]] = {'GET'}

The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

class keystone.api.auth.AuthTokenResource[source]

Bases: keystone.api.auth._AuthFederationWebSSOBase

delete()[source]

Revoke a token.

DELETE /v3/auth/tokens

get()[source]

Validate a token.

HEAD/GET /v3/auth/tokens

methods: t.ClassVar[t.Optional[t.Collection[str]]] = {'DELETE', 'GET', 'POST'}

The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

post()[source]

Issue a token.

POST /v3/auth/tokens