keystonemiddleware.external_oauth2_token module

class keystonemiddleware.external_oauth2_token.AbstractAuthClient(session, introspect_endpoint, audience, client_id, func_get_config_option, logger)

Bases: object

Abstract http client using to access the OAuth2.0 Server.

abstract introspect(access_token)

Access the introspect API.

class keystonemiddleware.external_oauth2_token.ClientSecretBasicAuthClient(session, introspect_endpoint, audience, client_id, func_get_config_option, logger)

Bases: AbstractAuthClient

Http client with the auth method ‘client_secret_basic’.

introspect(access_token)

Access the introspect API.

Access the Introspect API to verify the access token by the auth method ‘client_secret_basic’.

class keystonemiddleware.external_oauth2_token.ClientSecretJwtAuthClient(session, introspect_endpoint, audience, client_id, func_get_config_option, logger)

Bases: AbstractAuthClient

Http client with the auth method ‘client_secret_jwt’.

introspect(access_token)

Access the introspect API.

Access the Introspect API to verify the access token by the auth method ‘client_secret_jwt’.

class keystonemiddleware.external_oauth2_token.ClientSecretPostAuthClient(session, introspect_endpoint, audience, client_id, func_get_config_option, logger)

Bases: AbstractAuthClient

Http client with the auth method ‘client_secret_post’.

introspect(access_token)

Access the introspect API.

Access the Introspect API to verify the access token by the auth method ‘client_secret_post’.

class keystonemiddleware.external_oauth2_token.ExternalAuth2Protocol(application, conf)

Bases: object

Middleware that handles External Server OAuth2.0 authentication.

process_request(request)

Process request.

Parameters:

request (_request.AuthTokenRequest) – Incoming request

process_response(response)

Process Response.

Add WWW-Authenticate headers to requests that failed with 401 Unauthenticated so users know where to authenticate for future requests.

exception keystonemiddleware.external_oauth2_token.ForbiddenToken

Bases: KeystoneMiddlewareException

Raise a ForbiddenToken Error.

When can not get necessary information from the token, this error will be thrown.

exception keystonemiddleware.external_oauth2_token.InvalidToken

Bases: KeystoneMiddlewareException

Raise an InvalidToken Error.

When can not get necessary information from the token, this error will be thrown.

class keystonemiddleware.external_oauth2_token.PrivateKeyJwtAuthClient(session, introspect_endpoint, audience, client_id, func_get_config_option, logger)

Bases: AbstractAuthClient

Http client with the auth method ‘private_key_jwt’.

introspect(access_token)

Access the introspect API.

Access the Introspect API to verify the access token by the auth method ‘private_key_jwt’.

exception keystonemiddleware.external_oauth2_token.ServiceError

Bases: KeystoneMiddlewareException

Raise a ServiceError.

When can not verify any tokens, this error will be thrown.

class keystonemiddleware.external_oauth2_token.TlsClientAuthClient(session, introspect_endpoint, audience, client_id, func_get_config_option, logger)

Bases: AbstractAuthClient

Http client with the auth method ‘tls_client_auth’.

introspect(access_token)

Access the introspect API.

Access the Introspect API to verify the access token by the auth method ‘tls_client_auth’.

keystonemiddleware.external_oauth2_token.filter_factory(global_conf, **local_conf)

Return a WSGI filter app for use with paste.deploy.