Authentication

class Auth(domain='https://accounts.descarteslabs.com', scope=None, leeway=500, token_info_path='/root/.descarteslabs/token_info.json', client_id=None, client_secret=None, jwt_token=None, refresh_token=None)[source]

Authentication client used to authenticate with all Descartes Labs service APIs.

Helps retrieve JWT from a client id and refresh token for cli usage.

Parameters
  • domain (str) – The endpoint for auth0

  • scope (list(str) or None) – The JWT fields to be included

  • leeway (int) – JWT expiration leeway

  • token_info_path (str or None) – Path to a JSON file optionally holding auth information

  • client_id (str or None) – JWT client id

  • client_secret (str or None) – JWT client secret

  • jwt_token (str or None) – The JWT token, if we already have one

  • refresh_token (str or None) – The refresh token

classmethod from_environment_or_token_json(**kwargs)[source]

Creates an Auth object from environment variables CLIENT_ID, CLIENT_SECRET, JWT_TOKEN if they are set, or else from a JSON file at the given path.

Parameters
  • domain (str) – The endpoint for auth0

  • scope (list(str) or None) – The JWT fields to be included

  • leeway (int) – JWT expiration leeway

  • token_info_path (str or None) – Path to a JSON file optionally holding auth information

property namespace

Gets the user namespace.

Return type

str

Returns

The user namespace

Raises
  • AuthError – Raised when incomplete information has been provided.

  • OauthError – Raised when a token cannot be obtained or refreshed.

property payload

Gets the token payload.

Return type

dict

Returns

Dictionary containing the fields specified by scope, which may include:

name:           The name of the user.
groups:         Groups to which the user belongs.
org:            The organization to which the user belongs.
email:          The email address of the user.
email_verified: True if the user's email has been verified.
sub:            The user identifier.
exp:            The expiration time of the token, in seconds since
                the start of the unix epoch.

Raises
  • AuthError – Raised when incomplete information has been provided.

  • OauthError – Raised when a token cannot be obtained or refreshed.

property session

Gets the request session used to communicate with the OAuth server.

Return type

requests.Session

Returns

Session object

property token

Gets the token.

Return type

str

Returns

The JWT token string.

Raises
  • AuthError – Raised when incomplete information has been provided.

  • OauthError – Raised when a token cannot be obtained or refreshed.