simple_openid_connect.client_authentication¶

Utilities and data types used when authenticating the relying party (client).

This should not be confused with authenticating a user as the user authentication at the OP is of no concern to us. Instead, these authenticate the relying party when e.g. exchanging tokens or requesting user information. It is a necessary process because while access tokens grant a relying party access to certain user information, the relying party must still identify itself to the OP when accessing that information.

For more information visit Section 9 of OpenID Connect Core 1.0 and Section 2.3 of OAuth 2.0 [RFC6749].

Classes

`AccessTokenBearerAuth`(access_token)	Authenticate requests using a given bearer token
`ClientAuthenticationMethod`()	A base class for client authentication methods which describes the interface that each method implements to authenticate requests.
`ClientSecretBasicAuth`(client_id, client_secret)	Clients that have received a client_secret value from the Authorization Server authenticate with the Authorization Server using the HTTP Basic authentication scheme.
`NoneAuth`(client_id)	The Client does not authenticate itself at the Token Endpoint, either because it uses only the Implicit Flow (and so does not use the Token Endpoint) or because it is a Public Client with no Client Secret or other authentication mechanism.

class simple_openid_connect.client_authentication.AccessTokenBearerAuth(access_token: str)[source]¶

Authenticate requests using a given bearer token

__init__(access_token: str)[source]¶

class simple_openid_connect.client_authentication.ClientAuthenticationMethod[source]¶

A base class for client authentication methods which describes the interface that each method implements to authenticate requests.

This class also extends requests AuthBase so that all derived implementations can directly be used with requests to authenticate something.

NAME: str¶: How this authentication method is called in the Openid spec

abstract property client_id: str¶: The client id which is assigned to this app

class simple_openid_connect.client_authentication.ClientSecretBasicAuth(client_id: str, client_secret: str)[source]¶

Clients that have received a client_secret value from the Authorization Server authenticate with the Authorization Server using the HTTP Basic authentication scheme.

NAME: str = 'client_secret_basic'¶: How this authentication method is called in the Openid spec

__init__(client_id: str, client_secret: str)[source]¶

Parameters:

client_id – The client id which was set or issued during client registration
client_secret – The client secret which was issued during client registration

property client_id: str¶: The client id which is assigned to this app

class simple_openid_connect.client_authentication.NoneAuth(client_id: str)[source]¶

The Client does not authenticate itself at the Token Endpoint, either because it uses only the Implicit Flow (and so does not use the Token Endpoint) or because it is a Public Client with no Client Secret or other authentication mechanism.

NAME: str = 'none'¶: How this authentication method is called in the Openid spec

__init__(client_id: str)[source]¶

property client_id: str¶: The client id which is assigned to this app