arkid_client.auth.client.confidential_client 源代码
"""
Define ConfidentialAppAuthClient
"""
from arkid_client.auth.client.base import AuthClient
from arkid_client.authorizers import NullAuthorizer
from arkid_client.authorizers import BasicAuthorizer
from arkid_client.exceptions import ArkIDSDKUsageError
[文档]class ConfidentialAppAuthClient(AuthClient):
"""
与 ArkID 认证服务端进行通信的 ``AuthClient`` 类型的认证客户端。
此客户端必须是已受到 ArkID 官方高度信任的第三方客户端,可凭借
``username`` 和 ``password`` 直接向 ArkID 认证端发起授权请求。
最终,它将得到 ArkID 官方默认的认证凭证 ``oneid_token`` 。
**Methods**
* :py:meth:`.start_auth`
* :py:meth:`.get_token`
* :py:meth:`.auth_to_get_token`
* :py:meth:`.revoke_token`
* :py:meth:`.auth_token`
* :py:meth:`.get_authorizer`
"""
allowed_authorizer_types = [
NullAuthorizer,
BasicAuthorizer,
]
def __init__(self, base_url, **kwargs):
if "authorizer" in kwargs:
self.logger.error("参数错误:(`ConfidentialAppClient.authorizer` 非法传入)")
raise ArkIDSDKUsageError('无法给 < ConfidentialAppAuthClient > 类型客户端装载任何授权器。')
AuthClient.__init__(self, authorizer=NullAuthorizer(), base_url=base_url, **kwargs)
self.__certification = None
self.logger.info("客户端初始化完成")
[文档] def start_auth(self, username: str, password: str):
"""
开始进行身份认证
(``POST /siteapi/v1/ucenter/login/``)
**Parameters**
``username`` (*string*)
用户唯一标识
``password`` (*string*)
密码
**Examples**
>>> caac = arkid_client.ConfidentialAppAuthClient(...)
>>> caac.start_auth(username, password)
"""
self.logger.info("启动 ArkID 官方认证(用户名 + 密码)")
body = {'username': username, 'password': password}
self.__certification = self.post(path='login/', json_body=body)
return self.__certification
[文档] def get_token(self):
"""
获取 ``oneid_token``
**Examples**
>>> caac = arkid_client.ConfidentialAppAuthClient(...)
>>> caac.start_auth('<username>', '<password>')
>>> token = caac.get_token()
"""
return self.__certification.get('token')
[文档] def auth_to_get_token(self, _username: str, _password: str):
"""
简化 ``oneid_token`` 的获取流程,大多数时候比传统的获取方式更轻松。
(``POST /siteapi/v1/ucenter/login/``)
**Parameters**
``username`` (*string*)
用户唯一标识
``password`` (*string*)
密码
**Examples**
>>> caac = arkid_client.ConfidentialAppAuthClient(...)
>>> token = caac.auth_to_get_token(_username, _password)
"""
self.start_auth(_username, _password)
return self.get_token()
[文档] def revoke_token(self, authorizer: BasicAuthorizer):
"""
撤销 ``oneid_token``
(``POST /siteapi/v1/revoke/token/``)
**Parameters**
``authorizer`` (*BasicAuthorizer*)
特指 < BasicAuthorizer > 类型的授权器
**Examples**
>>> caac = arkid_client.ConfidentialAppAuthClient(...)
>>> token = caac.revoke_token(authorizer)
"""
_service = self.service
self.reload_service_url('revoke')
_authorizer = self.authorizer
self.reload_authorizer(authorizer)
self.logger.info("正在调用 ConfidentialAppAuthClient.revoke_token() 接口与 ArkID 服务端进行交互")
response = self.post(path='token/')
self.reload_service_url(_service)
self.reload_authorizer(_authorizer)
return response
[文档] def auth_token(self, authorizer: BasicAuthorizer):
"""
校验 ``oneid_token`` 所代表的用户是否有某特定权限
(``GET /siteapi/v1/auth/token/``)
**Parameters**
``authorizer`` (*BasicAuthorizer*)
特指 < BasicAuthorizer > 类型的授权器
**Examples**
>>> caac = arkid_client.ConfidentialAppAuthClient(...)
>>> token = caac.auth_token(authorizer)
"""
_service = self.service
self.reload_service_url('auth')
_authorizer = self.authorizer
self.reload_authorizer(authorizer)
self.logger.info("正在调用 ConfidentialAppAuthClient.auth_token() 接口与 ArkID 服务端进行交互")
response = self.get(path='token/')
self.reload_service_url(_service)
self.reload_authorizer(_authorizer)
return response
[文档] def get_authorizer(self, username: str, password: str):
"""
封装 ``self.auth_to_get_token`` 方法,
通过认证客户端直接获得有效的授权器。
(``GET /siteapi/v1/ucenter/login/``)
**Parameters**
``username`` (*string*)
用户唯一标识
``password`` (*string*)
密码
**Examples**
>>> caac = arkid_client.ConfidentialAppAuthClient(...)
>>> authorizer = caac.get_authorizer(username, password)
"""
return BasicAuthorizer(self.auth_to_get_token(username, password))