spresso.model.authentication package

Submodules

spresso.model.authentication.identity_assertion module

class IdentityAssertion(**kwargs)
   Bases: spresso.model.authentication.identity_assertion.IdentityAssertionBase

   decrypt(data)
      Decrypt the encrypted Identity Assertion.
      Parameters: data (str) – The encrypted IA as serialized JSON.
      Returns: The decrypted IA as serialized JSON.
      Return type: bytes
      Raises: ValueError – A required parameter of the encrypted IA is missing.

   sign()
      Method for signing the identity assertion.
      Returns: The b64-encoded signature.
      Return type:
      Raises:
         ValueError – Attempt to create a signature from a malformed IA.
         InvalidSettings – The private key is missing.

   verify(signature)
      Verify, using the public key of the party the data came from, that the data was indeed signed with their private key.
      Parameters: signature (bytes) – The Identity Assertion as serialized JSON.
      Raises:
         ValueError – A required parameter to perform the verification is missing.
         InvalidSignature – The signature verification of the IA failed.

class IdentityAssertionBase(**kwargs)
   Bases: spresso.model.base.Composition, spresso.model.base.SettingsMixin

   Basic Identity Assertion Class. The template instances ‘signature’ and ‘expected_signature’ can be extended to hold further information. Object is used by IdP and RP.

   from_request(request)
      Load an Identity Assertion from a request object.
      Parameters: request (Request) – The request instance.

   from_session(session)
      Load an Identity Assertion from a Session object.
      Parameters: session (Session) – The session instance.

   template = {'tag': None, 'email': None, 'forwarder_domain': None}

spresso.model.authentication.json_schema module

JSON schema definitions.

class AuthenticationJsonSchema
   Bases: spresso.model.base.JsonSchema

   Base resource folder.

   resource_path = 'resources/authentication/'

class IdentityAssertionDefinition
   Bases: spresso.model.authentication.json_schema.AuthenticationJsonSchema

   Identity Assertion schema definition.

   file_path = 'json/ia_sig.json'

   ia = 'ia_signature'

class StartLoginDefinition
   Bases: spresso.model.authentication.json_schema.AuthenticationJsonSchema

   StartLogin schema definition.

   file_path = 'json/start_login.json'

   forwarder_domain = 'forwarder_domain'

   login_session_token = 'login_session_token'

   tag_key = 'tag_key'

class WellKnownInfoDefinition
   Bases: spresso.model.authentication.json_schema.AuthenticationJsonSchema

   Well Known Info schema definition.

   file_path = 'json/wk_info.json'

   public_key = 'public_key'

spresso.model.authentication.request module

class IdpInfoRequest(netloc, **kwargs)
   Bases: spresso.model.base.SettingsMixin

   Class to retrieve the well-known information from the IdP. Extend this implementation by making requests over the Tor network to ensure privacy.

spresso.model.authentication.session module

class Session(user, idp_info, **kwargs)
   Bases: spresso.model.base.SettingsMixin

   Session object, used by the Relying Party. Validates input parameters. Processes the Tag and generates the login URL.

spresso.model.authentication.tag module

class Tag(rp_origin, rp_nonce, key, iv, **kwargs)
   Bases: spresso.model.authentication.tag.TagBase

   Tag definition, providing a method for the encryption of a Tag.

class TagBase(rp_origin, rp_nonce, key, iv, **kwargs)
   Bases: spresso.model.base.Composition

   Base for a Tag. Can be extended to hold further information.

   max_domain_length = 256

   template = {'rp_nonce': None, 'rp_origin': None}