keystoneauth1.identity.v3.oidc module¶

class keystoneauth1.identity.v3.oidc.OidcAccessToken(auth_url, identity_provider, protocol, access_token, **kwargs)¶

Bases: keystoneauth1.identity.v3.oidc._OidcBase

Implementation for OpenID Connect access token reuse.

get_payload(session)¶

OidcAccessToken does not require a payload.

get_unscoped_auth_ref(session)¶

Authenticate with OpenID Connect and get back claims.

We exchange the access token upon accessing the protected Keystone endpoint (federated auth URL). This will trigger the OpenID Connect Provider to perform a user introspection and retrieve information (specified in the scope) about the user in the form of an OpenID Connect Claim. These claims will be sent to Keystone in the form of environment variables.

Parameters

session (keystoneauth1.session.Session) – a session object to send out HTTP requests.

Returns

a token data representation

Return type

keystoneauth1.access.AccessInfoV3

class keystoneauth1.identity.v3.oidc.OidcAuthorizationCode(auth_url, identity_provider, protocol, client_id, client_secret, access_token_endpoint=None, discovery_endpoint=None, access_token_type='access_token', redirect_uri=None, code=None, **kwargs)¶

Bases: keystoneauth1.identity.v3.oidc._OidcBase

Implementation for OpenID Connect Authorization Code.

get_payload(session)¶

Get an authorization grant for the “authorization_code” grant type.

Parameters

session (keystoneauth1.session.Session) – a session object to send out HTTP requests.

Returns

a python dictionary containing the payload to be exchanged

Return type

dict

grant_type = 'authorization_code'¶

class keystoneauth1.identity.v3.oidc.OidcClientCredentials(auth_url, identity_provider, protocol, client_id, client_secret, access_token_endpoint=None, discovery_endpoint=None, access_token_type='access_token', **kwargs)¶

Bases: keystoneauth1.identity.v3.oidc._OidcBase

Implementation for OpenID Connect Client Credentials.

get_payload(session)¶

Get an authorization grant for the client credentials grant type.

Parameters

session (keystoneauth1.session.Session) – a session object to send out HTTP requests.

Returns

a python dictionary containing the payload to be exchanged

Return type

dict

grant_type = 'client_credentials'¶

class keystoneauth1.identity.v3.oidc.OidcPassword(auth_url, identity_provider, protocol, client_id, client_secret, access_token_endpoint=None, discovery_endpoint=None, access_token_type='access_token', username=None, password=None, **kwargs)¶

Bases: keystoneauth1.identity.v3.oidc._OidcBase

Implementation for OpenID Connect Resource Owner Password Credential.

get_payload(session)¶

Get an authorization grant for the “password” grant type.

Parameters

session (keystoneauth1.session.Session) – a session object to send out HTTP requests.

Returns

a python dictionary containing the payload to be exchanged

Return type

dict

grant_type = 'password'¶