lomas_server.auth package

Submodules

lomas_server.auth.auth module

class lomas_server.auth.auth.FreePassAuthenticator(*, authentication_type: Literal[AuthenticationType.FREE_PASS])[source]

Bases: BaseModel

Authenticator that bypasses authentication.

authentication_type: Literal[AuthenticationType.FREE_PASS]
model_config: ClassVar[ConfigDict] = {}

Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

class lomas_server.auth.auth.OIDCAuthenticator(*, authentication_type: Literal[AuthenticationType.OIDC], oidc_discovery_url: HttpUrl, query_userinfo: bool)[source]

Bases: BaseModel

Authenticator that identifies users by either validating the provided JWT token or querying the userinfo endpoint.

authentication_type: Literal[AuthenticationType.OIDC]

property jwk_client: PyJWKClient[source]

Initializes a PyJWKClient instance with caching.

model_config: ClassVar[ConfigDict] = {}

Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

property oidc_config: OIDCConfig[source]

Returns the OIDC provider config.

oidc_discovery_url: HttpUrl

The OpenID Connect provider’s discovery URL.

query_userinfo: bool

Whether to use the access token to query the userinfo endpoint.

If false, the access token is parsed as a JWT.

lomas_server.auth.auth.authorize_user(user: UserId, admin_database: AdminDatabase, security_scopes: SecurityScopes) → None[source]

Raises an UnauthorizedAccessException if the user does not have the permission for the given scopes.

Also raises an exception if an unknown scope is required.

Parameters:
  • user (UserId) – The user id object

  • admin_database (AdminDatabase) – The admin database to get user permissions from.

  • security_scopes (SecurityScopes) – The required scopes.
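The fail-closed behaviour described for authorize_user (raise on a missing permission, and also raise on a scope nobody has defined) can be sketched as follows. This is an added example, not lomas_server's own code: the scope names "user" and "admin", the dict standing in for AdminDatabase, the one-field UserId and the is_authorized helper are all assumptions made for illustration.

```python
from dataclasses import dataclass


class UnauthorizedAccessException(Exception):
    """Stand-in for the exception named in the documentation above."""


@dataclass(frozen=True)
class UserId:
    """Hypothetical minimal identity object; the real fields are not shown on this page."""
    name: str


def _is_user(user, db):
    # Assumed rule: any user present in the admin database holds "user".
    return user.name in db


def _is_admin(user, db):
    # Assumed rule: "admin" needs an explicit flag; absence means no.
    return db.get(user.name, {}).get("admin", False)


# Hypothetical scope table. A scope missing from it is unknown.
SCOPE_CHECKS = {"user": _is_user, "admin": _is_admin}


def authorize_user(user, admin_database, required_scopes):
    """Return None when every required scope is satisfied, raise otherwise."""
    for scope in required_scopes:
        check = SCOPE_CHECKS.get(scope)
        if check is None:
            # Fail closed: an unrecognised scope is never read as "no requirement".
            raise UnauthorizedAccessException(f"unknown scope: {scope!r}")
        if not check(user, admin_database):
            raise UnauthorizedAccessException(f"{user.name!r} lacks scope {scope!r}")


def is_authorized(user, admin_database, required_scopes):
    """Boolean wrapper (hypothetical helper) around authorize_user."""
    try:
        authorize_user(user, admin_database, required_scopes)
    except UnauthorizedAccessException:
        return False
    return True


# Constructed sample data: a dict standing in for the admin database.
SAMPLE_DB = {"alice": {"admin": True}, "bob": {"admin": False}}
```

The unknown-scope branch is the one worth testing in a real deployment: a typo in an endpoint's scope list should produce a denial, not an endpoint that silently requires nothing.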

lomas_server.auth.auth.get_user_id(authenticator: Annotated[FreePassAuthenticator | OIDCAuthenticator, FieldInfo(annotation=NoneType, required=True, discriminator='authentication_type')], auth_creds: HTTPAuthorizationCredentials) → UserId[source]

Extracts user id from bearer token.

Fails if user does not have scope.

Parameters:
  • authenticator (AuthenticatorT) – A valid authenticator (FreePassAuthenticator or OIDCAuthenticator)

  • security_scopes (SecurityScopes) – The required scopes for the endpoint.

  • auth_creds (HTTPAuthorizationCredentials) – Authorization credentials.

Returns:

The UserId object containing the user information.

Return type:

UserId

Module contents