{ "info": { "author": "", "author_email": "", "bugtrack_url": null, "classifiers": [ "Intended Audience :: Developers", "License :: OSI Approved :: Apache Software License", "Programming Language :: Python :: 3.7", "Topic :: Security", "Topic :: Software Development :: Libraries :: Python Modules" ], "description": "# Python 3 SDK for Baikal\n\nSDK to easily generate tokens for an application in the 4th platform.\n\n> NOTE: Starting from v0.1.3, the license has changed to Apache 2.0\n\n## Installation\n\nYou can install easily with pip:\n\n```bash\npip install baikal-sdk\n```\n\n## Usage\n\n**Create a client**\n```python\nfrom clients.baikal_client import OpenIDClient\n\n\noid_client = OpenIDClient(\n    'http://auth.xxx.baikalplatform.com',  # authserver endpoint\n    'your_oauth_client_id',\n    'your_oauth_client_secret',\n    # For using the grant_user method (jwt-bearer grant type)\n    client_keys=[{'key': 'stringWithTheKey', 'format': 'pem'}],  # optional\n    issuer='http://yourserver.com/',  # your jwt issuer id\n    private_certs_path='/path/to/certs/directory',  # directory to read certificates/private keys.\n    verify_certs=False  # Accept self signed certs for authserver communication (not used in token validation)\n)\n```\n\n**Get an access_token for a user using jwt-bearer**\n```python\naccess_token = oid_client.grant_user(\n    'userSUB',\n    ['list', 'of', 'scopes'],\n    ['list', 'of', 'purposes'],\n    authorization_id='46921050-e97c-418b-928c-4158256be92c',  # optional\n    identifier={'id': 'my-phone-number', 'type': 'phone_number'}  # optional\n)\n```\n**Get a client_credentials access_token**\n```python\naccess_token = oid_client.grant_client(\n    scopes=['list', 'of', 'scopes'],  # optional\n    purposes=['list', 'of', 'purposes'],  # optional\n)\n```\n\n**Expose your public keys in a server route to use with a `jwt-bearer`**\n\nIf you have configured your issuer in the authserver to read from an endpoint,\nyou should expose your public keys in an accessible 
route.\n\n```python\noid_client.get_jwk_set()\n```\nThis outputs the public part of your keys in JWK format, ready to be exposed directly (required by the authserver and any OIDC server).\n\n## Configuration\n\nThe `OpenIDClient` configuration is read from the environment if omitted:\n```bash\nexport BAIKAL_AUTHSERVER_ENDPOINT='https://auth.xxx.baikalplatform.com'\nexport BAIKAL_CLIENT_ID='your_oauth_client_id'\nexport BAIKAL_CLIENT_SECRET='your_oauth_client_secret'\nexport BAIKAL_ISSUER='http://yourserver.com/'\nexport BAIKAL_PRIVATE_CERTS_PATH='/path/to/certs/directory'\n```\n\nSupported cert formats (the format should match the file extension):\n* json: JSON stringified JWK\n* private: DER encoded 'raw' private key\n* pkcs8: DER encoded (unencrypted!) PKCS8 private key\n* public: DER encoded SPKI public key (alternate to 'spki')\n* spki: DER encoded SPKI public key\n* pkix: DER encoded PKIX X.509 certificate\n* x509: DER encoded PKIX X.509 certificate\n* pem: PEM encoded PKCS8 / SPKI / PKIX\n\nThe public grant methods accept a request config as the last argument,\nwhich allows specifying headers and a timeout (in seconds) per request:\n\n```python\naccess_token = oid_client.grant_client(\n    scopes=[\"scope1\"],\n    headers={\n        'X-Correlator': '1234-5678-9012-3456-7890'\n    },\n    timeout=30\n)\n```\n\n## Generate private keys\n\nYour private keys do not need to be generated by a secured authority. For OAuth2 verification you can use self-generated keys. 
Here are some tips.\n\nIf you want to generate different keys (in JWK format) for development purposes, you can use https://mkjwk.org/.\n\n### Generate an RSA private key (with SHA 256 hash, RS256) (using openssl)\n\n```bash\nopenssl genrsa -des3 -out private-rsa-protected.pem 2048\n```\n\nThis will produce a 2048-bit private RSA key protected with a password. To remove the password and use the private key directly in the library, you can run this:\n\n```bash\nopenssl rsa -in private-rsa-protected.pem -out private-rsa.pem\n# rm private-rsa-protected.pem\n\n```\n\nThe private-rsa.pem can be used with the library to generate assertions and to expose the public key part as stated before. Just place the pem in your directory and point the sdk private_certs_path to it.\nThe public key is automatically generated in JWK format, as you can check in the section on exposing your public keys.\n\nIt's not recommended to use RSA keys bigger than 2048 bits (e.g. 4096), as the computational cost is not worth it. It's better to have a key rotation policy that rotates keys at a fixed interval (e.g. a week). 
It's also not recommended\nto use 1024-bit keys, as they can be cracked.", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/Telefonica/baikal-sdk/python", "keywords": "", "license": "Apache 2.0", "maintainer": "4th Platform team", "maintainer_email": "4pf@telefonica.com", "name": "baikal-sdk", "package_url": "https://pypi.org/project/baikal-sdk/", "platform": "", "project_url": "https://pypi.org/project/baikal-sdk/", "project_urls": { "Homepage": "https://github.com/Telefonica/baikal-sdk/python" }, "release_url": "https://pypi.org/project/baikal-sdk/0.1.4/", "requires_dist": null, "requires_python": "", "summary": "SDK to generate tokens for the 4th Platform", "version": "0.1.4" }, "last_serial": 5841286, "releases": { "0.1.2": [ { "comment_text": "", "digests": { "md5": "f58f6e2536bf8ac73ff211603471ef3f", "sha256": "2a9cf72ef7cd3f04fb35c4e7eb6408129ab2a8c53ebf0b233cfb522df13bfd29" }, "downloads": -1, "filename": "baikal-sdk-0.1.2.tar.gz", "has_sig": false, "md5_digest": "f58f6e2536bf8ac73ff211603471ef3f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12397, "upload_time": "2019-09-12T19:55:13", "url": "https://files.pythonhosted.org/packages/11/f1/c77177ec5358d1aa839f74d4f96b5d115bd9eb042cc8ad4957180b321a18/baikal-sdk-0.1.2.tar.gz" } ], "0.1.3": [ { "comment_text": "", "digests": { "md5": "ecaf1e76f1d68d701b26d4a36babaf7c", "sha256": "a2d54ccc87d7dbb49b1016b724d24414b984622f760ded908bfcc936e51148f7" }, "downloads": -1, "filename": "baikal-sdk-0.1.3.tar.gz", "has_sig": false, "md5_digest": "ecaf1e76f1d68d701b26d4a36babaf7c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12480, "upload_time": "2019-09-12T19:58:32", "url": "https://files.pythonhosted.org/packages/3d/63/71d2da2ae49a6b81134416894e822b3f29ba6c54df4b15ec5db3395fee8a/baikal-sdk-0.1.3.tar.gz" } 
], "0.1.4": [ { "comment_text": "", "digests": { "md5": "05bc6cc56750e6e31ff0b0dbe970cd78", "sha256": "2cd0f99454a1a8bb34d510e1923250b19652d1f13854eb705795ea9946bfed2a" }, "downloads": -1, "filename": "baikal-sdk-0.1.4.tar.gz", "has_sig": false, "md5_digest": "05bc6cc56750e6e31ff0b0dbe970cd78", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14444, "upload_time": "2019-09-17T11:41:39", "url": "https://files.pythonhosted.org/packages/fc/6f/6e805209fb4cb0efb2165095dcf87c78269328de9c41e16d04675648b609/baikal-sdk-0.1.4.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "05bc6cc56750e6e31ff0b0dbe970cd78", "sha256": "2cd0f99454a1a8bb34d510e1923250b19652d1f13854eb705795ea9946bfed2a" }, "downloads": -1, "filename": "baikal-sdk-0.1.4.tar.gz", "has_sig": false, "md5_digest": "05bc6cc56750e6e31ff0b0dbe970cd78", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14444, "upload_time": "2019-09-17T11:41:39", "url": "https://files.pythonhosted.org/packages/fc/6f/6e805209fb4cb0efb2165095dcf87c78269328de9c41e16d04675648b609/baikal-sdk-0.1.4.tar.gz" } ] }