swh.web.auth.models module

class swh.web.auth.models.OIDCUser(*args, **kwargs)

Bases: django.contrib.auth.models.User

Custom User proxy model for remote users storing OpenID Connect related data: profile containing authentication tokens.

The model is also not saved to database as all users are already stored in the Keycloak one.

sub: str = ''

access_token: Optional[str] = None

expires_at: Optional[datetime.datetime] = None

id_token: Optional[str] = None

refresh_token: Optional[str] = None

refresh_expires_at: Optional[datetime.datetime] = None

scope: Optional[str] = None

session_state: Optional[str] = None

permissions: Set[str]

save(**kwargs)

Override django.db.models.Model.save to avoid saving the remote users to web application database.

get_group_permissions(obj=None) → Set[str]

Override django.contrib.auth.models.PermissionsMixin.get_group_permissions to get permissions from OIDC

get_all_permissions(obj=None) → Set[str]

Override django.contrib.auth.models.PermissionsMixin.get_all_permissions to get permissions from OIDC

has_perm(perm, obj=None) → bool

Override django.contrib.auth.models.PermissionsMixin.has_perm to check permission from OIDC

has_module_perms(app_label) → bool

Override django.contrib.auth.models.PermissionsMixin.has_module_perms to check permissions from OIDC.

exception DoesNotExist

Bases: django.contrib.auth.models.User.DoesNotExist

exception MultipleObjectsReturned

Bases: django.contrib.auth.models.User.MultipleObjectsReturned