swh.web.auth.utils module¶
-
swh.web.auth.utils.gen_oidc_pkce_codes() → Tuple[str, str][source]¶ Generates a code verifier and a code challenge to be used with the OpenID Connect authorization code flow with PKCE (“Proof Key for Code Exchange”, see https://tools.ietf.org/html/rfc7636).
PKCE replaces the static secret used in the standard authorization code flow with a temporary one-time challenge, making it feasible to use in public clients.
The implementation is inspired from that blog post: https://www.stefaanlippens.net/oauth-code-flow-pkce.html
-
swh.web.auth.utils.encrypt_data(data: bytes, password: bytes, salt: bytes) → bytes[source]¶ Encrypt data using Fernet system (symmetric encryption).
- Parameters
data – input data to encrypt
password – user password that will be used to generate a Fernet key derivation function
salt – value that will be used to generate a Fernet key derivation function
- Returns
The encrypted data
-
swh.web.auth.utils.decrypt_data(data: bytes, password: bytes, salt: bytes) → bytes[source]¶ Decrypt data using Fernet system (symmetric encryption).
- Parameters
data – input data to decrypt
password – user password that will be used to generate a Fernet key derivation function
salt – value that will be used to generate a Fernet key derivation function
- Returns
The decrypted data
-
swh.web.auth.utils.get_oidc_client(client_id: str = 'swh-web') → swh.web.auth.keycloak.KeycloakOpenIDConnect[source]¶ Instantiate a KeycloakOpenIDConnect class for a given client in the SoftwareHeritage realm.
- Parameters
client_id – client identifier in the SoftwareHeritage realm
- Returns
An object to ease the interaction with the Keycloak server