swh.web.auth.models module

class swh.web.auth.models.OIDCUser(*args, **kwargs)[source]

Bases: django.contrib.auth.models.User

Custom User proxy model for remote users storing OpenID Connect related data: profile containing authentication tokens.

The model is also not saved to database as all users are already stored in the Keycloak one.

sub: str = ''
access_token: Optional[str] = None
expires_at: Optional[datetime.datetime] = None
id_token: Optional[str] = None
refresh_token: Optional[str] = None
refresh_expires_at: Optional[datetime.datetime] = None
scope: Optional[str] = None
session_state: Optional[str] = None
permissions: Set[str]
save(**kwargs)[source]

Override django.db.models.Model.save to avoid saving the remote users to web application database.

get_group_permissions(obj=None) → Set[str][source]

Override django.contrib.auth.models.PermissionsMixin.get_group_permissions to get permissions from OIDC

get_all_permissions(obj=None) → Set[str][source]

Override django.contrib.auth.models.PermissionsMixin.get_all_permissions to get permissions from OIDC

has_perm(perm, obj=None) → bool[source]

Override django.contrib.auth.models.PermissionsMixin.has_perm to check permission from OIDC

has_module_perms(app_label) → bool[source]

Override django.contrib.auth.models.PermissionsMixin.has_module_perms to check permissions from OIDC.

exception DoesNotExist

Bases: django.contrib.auth.models.User.DoesNotExist

exception MultipleObjectsReturned

Bases: django.contrib.auth.models.User.MultipleObjectsReturned