swh.auth.django.models module

class swh.auth.django.models.OIDCUser(*args, **kwargs)

Bases: User

Custom User proxy model for remote users storing OpenID Connect related data: profile containing authentication tokens.

The model is also not saved to database as all users are already stored in the Keycloak one.

sub: str = ''

access_token: str | None = None

expires_in: int | None = None

expires_at: datetime | None = None

id_token: str | None = None

refresh_token: str | None = None

refresh_expires_in: int | None = None

refresh_expires_at: datetime | None = None

scope: str | None = None

session_state: str | None = None

permissions: Set[str]

group_names: Set[str]

save(**kwargs)

Override django.db.models.Model.save to avoid saving the remote users to web application database.

get_group_permissions(obj=None) → Set[str]

Override django.contrib.auth.models.PermissionsMixin.get_group_permissions to get permissions from OIDC

get_all_permissions(obj=None) → Set[str]

Override django.contrib.auth.models.PermissionsMixin.get_all_permissions to get permissions from OIDC

has_perm(perm, obj=None) → bool

Override django.contrib.auth.models.PermissionsMixin.has_perm to check permission from OIDC

has_module_perms(app_label) → bool

Override django.contrib.auth.models.PermissionsMixin.has_module_perms to check permissions from OIDC.

property groups

Override django.contrib.auth.models.PermissionsMixin.groups to get groups from OIDC.

property oidc_profile: Dict[str, Any]

Returns OpenID Connect profile associated to the user as a dictionary.

exception DoesNotExist

Bases: DoesNotExist

exception MultipleObjectsReturned

Bases: MultipleObjectsReturned