keystone.token.token_formatters module¶
-
class
keystone.token.token_formatters.
ApplicationCredentialScopedPayload
[source]¶ Bases:
keystone.token.token_formatters.BasePayload
-
classmethod
assemble
(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id, access_token_id, app_cred_id)[source]¶ Assemble the payload of a token.
- Parameters
user_id – identifier of the user in the token request
methods – list of authentication methods used
system – a string including system scope information
project_id – ID of the project to scope to
domain_id – ID of the domain to scope to
expires_at – datetime of the token’s expiration
audit_ids – list of the token’s audit IDs
trust_id – ID of the trust in effect
federated_group_ids – list of group IDs from SAML assertion
identity_provider_id – ID of the user’s identity provider
protocol_id – federated protocol used for authentication
access_token_id – ID of the secret in OAuth1 authentication
app_cred_id – ID of the application credential in effect
- Returns
the payload of a token
-
classmethod
disassemble
(payload)[source]¶ Disassemble an unscoped payload into the component data.
The tuple consists of:
(user_id, methods, system, project_id, domain_id, expires_at_str, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id,` access_token_id, app_cred_id)
methods
are the auth methods.
Fields will be set to None if they didn’t apply to this payload type.
- Parameters
payload – this variant of payload
- Returns
a tuple of the payloads component data
-
version
= 9¶
-
classmethod
-
class
keystone.token.token_formatters.
BasePayload
[source]¶ Bases:
object
-
classmethod
assemble
(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id, access_token_id, app_cred_id)[source]¶ Assemble the payload of a token.
- Parameters
user_id – identifier of the user in the token request
methods – list of authentication methods used
system – a string including system scope information
project_id – ID of the project to scope to
domain_id – ID of the domain to scope to
expires_at – datetime of the token’s expiration
audit_ids – list of the token’s audit IDs
trust_id – ID of the trust in effect
federated_group_ids – list of group IDs from SAML assertion
identity_provider_id – ID of the user’s identity provider
protocol_id – federated protocol used for authentication
access_token_id – ID of the secret in OAuth1 authentication
app_cred_id – ID of the application credential in effect
- Returns
the payload of a token
-
classmethod
attempt_convert_uuid_hex_to_bytes
(value)[source]¶ Attempt to convert value to bytes or return value.
- Parameters
value – value to attempt to convert to bytes
- Returns
tuple containing boolean indicating whether user_id was stored as bytes and uuid value as bytes or the original value
-
classmethod
convert_uuid_bytes_to_hex
(uuid_byte_string)[source]¶ Generate uuid.hex format based on byte string.
- Parameters
uuid_byte_string – uuid string to generate from
- Returns
uuid hex formatted string
-
classmethod
convert_uuid_hex_to_bytes
(uuid_string)[source]¶ Compress UUID formatted strings to bytes.
- Parameters
uuid_string – uuid string to compress to bytes
- Returns
a byte representation of the uuid
-
classmethod
disassemble
(payload)[source]¶ Disassemble an unscoped payload into the component data.
The tuple consists of:
(user_id, methods, system, project_id, domain_id, expires_at_str, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id,` access_token_id, app_cred_id)
methods
are the auth methods.
Fields will be set to None if they didn’t apply to this payload type.
- Parameters
payload – this variant of payload
- Returns
a tuple of the payloads component data
-
classmethod
random_urlsafe_str_to_bytes
(s)[source]¶ Convert a string from
random_urlsafe_str()
to six.binary_type.- Return type
six.binary_type
-
version
= None¶
-
classmethod
-
class
keystone.token.token_formatters.
DomainScopedPayload
[source]¶ Bases:
keystone.token.token_formatters.BasePayload
-
classmethod
assemble
(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id, access_token_id, app_cred_id)[source]¶ Assemble the payload of a token.
- Parameters
user_id – identifier of the user in the token request
methods – list of authentication methods used
system – a string including system scope information
project_id – ID of the project to scope to
domain_id – ID of the domain to scope to
expires_at – datetime of the token’s expiration
audit_ids – list of the token’s audit IDs
trust_id – ID of the trust in effect
federated_group_ids – list of group IDs from SAML assertion
identity_provider_id – ID of the user’s identity provider
protocol_id – federated protocol used for authentication
access_token_id – ID of the secret in OAuth1 authentication
app_cred_id – ID of the application credential in effect
- Returns
the payload of a token
-
classmethod
disassemble
(payload)[source]¶ Disassemble an unscoped payload into the component data.
The tuple consists of:
(user_id, methods, system, project_id, domain_id, expires_at_str, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id,` access_token_id, app_cred_id)
methods
are the auth methods.
Fields will be set to None if they didn’t apply to this payload type.
- Parameters
payload – this variant of payload
- Returns
a tuple of the payloads component data
-
version
= 1¶
-
classmethod
-
class
keystone.token.token_formatters.
FederatedDomainScopedPayload
[source]¶ Bases:
keystone.token.token_formatters.FederatedScopedPayload
-
version
= 6¶
-
-
class
keystone.token.token_formatters.
FederatedProjectScopedPayload
[source]¶ Bases:
keystone.token.token_formatters.FederatedScopedPayload
-
version
= 5¶
-
-
class
keystone.token.token_formatters.
FederatedScopedPayload
[source]¶ Bases:
keystone.token.token_formatters.FederatedUnscopedPayload
-
classmethod
assemble
(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id, access_token_id, app_cred_id)[source]¶ Assemble the payload of a token.
- Parameters
user_id – identifier of the user in the token request
methods – list of authentication methods used
system – a string including system scope information
project_id – ID of the project to scope to
domain_id – ID of the domain to scope to
expires_at – datetime of the token’s expiration
audit_ids – list of the token’s audit IDs
trust_id – ID of the trust in effect
federated_group_ids – list of group IDs from SAML assertion
identity_provider_id – ID of the user’s identity provider
protocol_id – federated protocol used for authentication
access_token_id – ID of the secret in OAuth1 authentication
app_cred_id – ID of the application credential in effect
- Returns
the payload of a token
-
classmethod
disassemble
(payload)[source]¶ Disassemble an unscoped payload into the component data.
The tuple consists of:
(user_id, methods, system, project_id, domain_id, expires_at_str, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id,` access_token_id, app_cred_id)
methods
are the auth methods.
Fields will be set to None if they didn’t apply to this payload type.
- Parameters
payload – this variant of payload
- Returns
a tuple of the payloads component data
-
version
= None¶
-
classmethod
-
class
keystone.token.token_formatters.
FederatedUnscopedPayload
[source]¶ Bases:
keystone.token.token_formatters.BasePayload
-
classmethod
assemble
(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id, access_token_id, app_cred_id)[source]¶ Assemble the payload of a token.
- Parameters
user_id – identifier of the user in the token request
methods – list of authentication methods used
system – a string including system scope information
project_id – ID of the project to scope to
domain_id – ID of the domain to scope to
expires_at – datetime of the token’s expiration
audit_ids – list of the token’s audit IDs
trust_id – ID of the trust in effect
federated_group_ids – list of group IDs from SAML assertion
identity_provider_id – ID of the user’s identity provider
protocol_id – federated protocol used for authentication
access_token_id – ID of the secret in OAuth1 authentication
app_cred_id – ID of the application credential in effect
- Returns
the payload of a token
-
classmethod
disassemble
(payload)[source]¶ Disassemble an unscoped payload into the component data.
The tuple consists of:
(user_id, methods, system, project_id, domain_id, expires_at_str, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id,` access_token_id, app_cred_id)
methods
are the auth methods.
Fields will be set to None if they didn’t apply to this payload type.
- Parameters
payload – this variant of payload
- Returns
a tuple of the payloads component data
-
version
= 4¶
-
classmethod
-
class
keystone.token.token_formatters.
OauthScopedPayload
[source]¶ Bases:
keystone.token.token_formatters.BasePayload
-
classmethod
assemble
(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id, access_token_id, app_cred_id)[source]¶ Assemble the payload of a token.
- Parameters
user_id – identifier of the user in the token request
methods – list of authentication methods used
system – a string including system scope information
project_id – ID of the project to scope to
domain_id – ID of the domain to scope to
expires_at – datetime of the token’s expiration
audit_ids – list of the token’s audit IDs
trust_id – ID of the trust in effect
federated_group_ids – list of group IDs from SAML assertion
identity_provider_id – ID of the user’s identity provider
protocol_id – federated protocol used for authentication
access_token_id – ID of the secret in OAuth1 authentication
app_cred_id – ID of the application credential in effect
- Returns
the payload of a token
-
classmethod
disassemble
(payload)[source]¶ Disassemble an unscoped payload into the component data.
The tuple consists of:
(user_id, methods, system, project_id, domain_id, expires_at_str, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id,` access_token_id, app_cred_id)
methods
are the auth methods.
Fields will be set to None if they didn’t apply to this payload type.
- Parameters
payload – this variant of payload
- Returns
a tuple of the payloads component data
-
version
= 7¶
-
classmethod
-
class
keystone.token.token_formatters.
ProjectScopedPayload
[source]¶ Bases:
keystone.token.token_formatters.BasePayload
-
classmethod
assemble
(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id, access_token_id, app_cred_id)[source]¶ Assemble the payload of a token.
- Parameters
user_id – identifier of the user in the token request
methods – list of authentication methods used
system – a string including system scope information
project_id – ID of the project to scope to
domain_id – ID of the domain to scope to
expires_at – datetime of the token’s expiration
audit_ids – list of the token’s audit IDs
trust_id – ID of the trust in effect
federated_group_ids – list of group IDs from SAML assertion
identity_provider_id – ID of the user’s identity provider
protocol_id – federated protocol used for authentication
access_token_id – ID of the secret in OAuth1 authentication
app_cred_id – ID of the application credential in effect
- Returns
the payload of a token
-
classmethod
disassemble
(payload)[source]¶ Disassemble an unscoped payload into the component data.
The tuple consists of:
(user_id, methods, system, project_id, domain_id, expires_at_str, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id,` access_token_id, app_cred_id)
methods
are the auth methods.
Fields will be set to None if they didn’t apply to this payload type.
- Parameters
payload – this variant of payload
- Returns
a tuple of the payloads component data
-
version
= 2¶
-
classmethod
-
class
keystone.token.token_formatters.
SystemScopedPayload
[source]¶ Bases:
keystone.token.token_formatters.BasePayload
-
classmethod
assemble
(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id, access_token_id, app_cred_id)[source]¶ Assemble the payload of a token.
- Parameters
user_id – identifier of the user in the token request
methods – list of authentication methods used
system – a string including system scope information
project_id – ID of the project to scope to
domain_id – ID of the domain to scope to
expires_at – datetime of the token’s expiration
audit_ids – list of the token’s audit IDs
trust_id – ID of the trust in effect
federated_group_ids – list of group IDs from SAML assertion
identity_provider_id – ID of the user’s identity provider
protocol_id – federated protocol used for authentication
access_token_id – ID of the secret in OAuth1 authentication
app_cred_id – ID of the application credential in effect
- Returns
the payload of a token
-
classmethod
disassemble
(payload)[source]¶ Disassemble an unscoped payload into the component data.
The tuple consists of:
(user_id, methods, system, project_id, domain_id, expires_at_str, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id,` access_token_id, app_cred_id)
methods
are the auth methods.
Fields will be set to None if they didn’t apply to this payload type.
- Parameters
payload – this variant of payload
- Returns
a tuple of the payloads component data
-
version
= 8¶
-
classmethod
-
class
keystone.token.token_formatters.
TokenFormatter
[source]¶ Bases:
object
Packs and unpacks payloads into tokens for transport.
-
create_token
(user_id, expires_at, audit_ids, payload_class, methods=None, system=None, domain_id=None, project_id=None, trust_id=None, federated_group_ids=None, identity_provider_id=None, protocol_id=None, access_token_id=None, app_cred_id=None)[source]¶ Given a set of payload attributes, generate a Fernet token.
-
property
crypto
¶ Return a cryptography instance.
You can extend this class with a custom crypto @property to provide your own token encoding / decoding. For example, using a different cryptography library (e.g.
python-keyczar
) or to meet arbitrary security requirements.This @property just needs to return an object that implements
encrypt(plaintext)
anddecrypt(ciphertext)
.
-
-
class
keystone.token.token_formatters.
TrustScopedPayload
[source]¶ Bases:
keystone.token.token_formatters.BasePayload
-
classmethod
assemble
(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id, access_token_id, app_cred_id)[source]¶ Assemble the payload of a token.
- Parameters
user_id – identifier of the user in the token request
methods – list of authentication methods used
system – a string including system scope information
project_id – ID of the project to scope to
domain_id – ID of the domain to scope to
expires_at – datetime of the token’s expiration
audit_ids – list of the token’s audit IDs
trust_id – ID of the trust in effect
federated_group_ids – list of group IDs from SAML assertion
identity_provider_id – ID of the user’s identity provider
protocol_id – federated protocol used for authentication
access_token_id – ID of the secret in OAuth1 authentication
app_cred_id – ID of the application credential in effect
- Returns
the payload of a token
-
classmethod
disassemble
(payload)[source]¶ Disassemble an unscoped payload into the component data.
The tuple consists of:
(user_id, methods, system, project_id, domain_id, expires_at_str, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id,` access_token_id, app_cred_id)
methods
are the auth methods.
Fields will be set to None if they didn’t apply to this payload type.
- Parameters
payload – this variant of payload
- Returns
a tuple of the payloads component data
-
version
= 3¶
-
classmethod
-
class
keystone.token.token_formatters.
UnscopedPayload
[source]¶ Bases:
keystone.token.token_formatters.BasePayload
-
classmethod
assemble
(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id, access_token_id, app_cred_id)[source]¶ Assemble the payload of a token.
- Parameters
user_id – identifier of the user in the token request
methods – list of authentication methods used
system – a string including system scope information
project_id – ID of the project to scope to
domain_id – ID of the domain to scope to
expires_at – datetime of the token’s expiration
audit_ids – list of the token’s audit IDs
trust_id – ID of the trust in effect
federated_group_ids – list of group IDs from SAML assertion
identity_provider_id – ID of the user’s identity provider
protocol_id – federated protocol used for authentication
access_token_id – ID of the secret in OAuth1 authentication
app_cred_id – ID of the application credential in effect
- Returns
the payload of a token
-
classmethod
disassemble
(payload)[source]¶ Disassemble an unscoped payload into the component data.
The tuple consists of:
(user_id, methods, system, project_id, domain_id, expires_at_str, audit_ids, trust_id, federated_group_ids, identity_provider_id, protocol_id,` access_token_id, app_cred_id)
methods
are the auth methods.
Fields will be set to None if they didn’t apply to this payload type.
- Parameters
payload – this variant of payload
- Returns
a tuple of the payloads component data
-
version
= 0¶
-
classmethod