keystoneauth1.identity.v3.oidc module¶
- class keystoneauth1.identity.v3.oidc.OidcAccessToken(auth_url, identity_provider, protocol, access_token, **kwargs)
Bases:
keystoneauth1.identity.v3.oidc._OidcBase
Implementation for OpenID Connect access token reuse.
- get_payload(session)
OidcAccessToken does not require a payload.
- get_unscoped_auth_ref(session)
Authenticate with OpenID Connect and get back claims.
We exchange the access token upon accessing the protected Keystone endpoint (federated auth URL). This will trigger the OpenID Connect Provider to perform a user introspection and retrieve information (specified in the scope) about the user in the form of an OpenID Connect Claim. These claims will be sent to Keystone in the form of environment variables.
- Parameters
session (keystoneauth1.session.Session) – a session object to send out HTTP requests.
- Returns
a token data representation
- Return type
keystoneauth1.access.AccessInfoV3
- class keystoneauth1.identity.v3.oidc.OidcAuthorizationCode(auth_url, identity_provider, protocol, client_id, client_secret, access_token_endpoint=None, discovery_endpoint=None, access_token_type='access_token', redirect_uri=None, code=None, **kwargs)
Bases:
keystoneauth1.identity.v3.oidc._OidcBase
Implementation for OpenID Connect Authorization Code.
- get_payload(session)
Get an authorization grant for the “authorization_code” grant type.
- Parameters
session (keystoneauth1.session.Session) – a session object to send out HTTP requests.
- Returns
a python dictionary containing the payload to be exchanged
- Return type
- grant_type = 'authorization_code'
- class keystoneauth1.identity.v3.oidc.OidcClientCredentials(auth_url, identity_provider, protocol, client_id, client_secret, access_token_endpoint=None, discovery_endpoint=None, access_token_type='access_token', **kwargs)
Bases:
keystoneauth1.identity.v3.oidc._OidcBase
Implementation for OpenID Connect Client Credentials.
- get_payload(session)
Get an authorization grant for the client credentials grant type.
- Parameters
session (keystoneauth1.session.Session) – a session object to send out HTTP requests.
- Returns
a python dictionary containing the payload to be exchanged
- Return type
- grant_type = 'client_credentials'
- class keystoneauth1.identity.v3.oidc.OidcPassword(auth_url, identity_provider, protocol, client_id, client_secret, access_token_endpoint=None, discovery_endpoint=None, access_token_type='access_token', username=None, password=None, **kwargs)
Bases:
keystoneauth1.identity.v3.oidc._OidcBase
Implementation for OpenID Connect Resource Owner Password Credential.
- get_payload(session)
Get an authorization grant for the “password” grant type.
- Parameters
session (keystoneauth1.session.Session) – a session object to send out HTTP requests.
- Returns
a python dictionary containing the payload to be exchanged
- Return type
- grant_type = 'password'