Authentication

class Auth(domain='https://accounts.descarteslabs.com', scope=None, leeway=500, token_info_path='/root/.descarteslabs/token_info.json', client_id=None, client_secret=None, jwt_token=None, refresh_token=None)[source]

Authentication client used to authenticate with all Descartes Labs service APIs.

Helps retrieve JWT from a client id and refresh token for cli usage.

Parameters:
  • domain (str) – The endpoint for auth0
  • scope (list(str) or None) – The JWT fields to be included
  • leeway (int) – JWT expiration leeway
  • token_info_path (str or None) – Path to a JSON file optionally holding auth information
  • client_id (str or None) – JWT client id
  • client_secret (str or None) – JWT client secret
  • jwt_token (str or None) – The JWT token, if we already have one
  • refresh_token (str or None) – The refresh token
classmethod from_environment_or_token_json(**kwargs)[source]

Creates an Auth object from environment variables CLIENT_ID, CLIENT_SECRET, JWT_TOKEN if they are set, or else from a JSON file at the given path.

Parameters:
  • domain (str) – The endpoint for auth0
  • scope (list(str) or None) – The JWT fields to be included
  • leeway (int) – JWT expiration leeway
  • token_info_path (str or None) – Path to a JSON file optionally holding auth information
namespace

Gets the user namespace.

Return type:

str

Returns:

The user namespace

Raises:
  • AuthError – Raised when incomplete information has been provided.
  • OauthError – Raised when a token cannot be obtained or refreshed.
payload

Gets the token payload.

Return type:

dict

Returns:

Dictionary containing the fields specified by scope, which may include:

name:           The name of the user.
groups:         Groups to which the user belongs.
org:            The organization to which the user belongs.
email:          The email address of the user.
email_verified: True if the user's email has been verified.
sub:            The user identifier.
exp:            The expiration time of the token, in seconds since
                the start of the unix epoch.

Raises:
  • AuthError – Raised when incomplete information has been provided.
  • OauthError – Raised when a token cannot be obtained or refreshed.
session

Gets the request session used to communicate with the OAuth server.

Return type:requests.Session
Returns:Session object
token

Gets the token.

Return type:

str

Returns:

The JWT token string.

Raises:
  • AuthError – Raised when incomplete information has been provided.
  • OauthError – Raised when a token cannot be obtained or refreshed.