dotstat_io 0.2.7__tar.gz → 1.0.0__tar.gz

{dotstat_io-0.2.7 → dotstat_io-1.0.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dotstat_io
-Version: 0.2.7
+Version: 1.0.0
 Summary: Utility to download or upload data from/to .Stat Suite using ADFS authentication to connect to it
 License: MIT
 Author: Gyorgy Gyomai
@@ -11,13 +11,15 @@ Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Requires-Dist: chardet (>=5.1.0,<6.0.0)
 Requires-Dist: msal (>=1.22.0,<2.0.0)
 Requires-Dist: requests (>=2.29.0,<3.0.0)
 Requires-Dist: requests-kerberos (>=0.14.0,<0.15.0)
+Requires-Dist: setuptools (>=75.6.0,<76.0.0)
 Description-Content-Type: text/markdown
 
-### DotStat_IO: 
+### DotStat_IO package: 
 A generic python package which could be integrated with other end-user applications and Gitlab runner to perform basic io with .Stat Suite. 
 Its role is to mask the complexities of authentication to connect to .Stat Suite.
 The user needs to provide a set of parameters and the package exposes a couple of methods which will download or upload data from/to .Stat Suite.
@@ -25,19 +27,19 @@ The user needs to provide a set of parameters and the package exposes a couple o
 ### This package contains three modules:
 - ADFSAuthentication module
 - KeycloakAuthentication module
-- Download_upload module
+- Client module
 
 ### In ADFSAuthentication module, four methods are available:
 #### 1. To initialise the module for interactive use:
 ```python
 from dotstat_io.authentication import AdfsAuthentication
-with AdfsAuthentication.interactive(
+interactive_obj = AdfsAuthentication.interactive(
         client_id=client_id,
         sdmx_resource_id=sdmx_resource_id,
         scopes=scopes,
         authority_url=authority_url,
-        redirect_port=redirect_port) as Interactive_obj:
-    access_token = Interactive_obj.get_token()
+        redirect_port=redirect_port)
+
 ```
 * `client_id:` The Application (client) ID that the ADFS assigned to your app
 * `sdmx_resource_id:` The ID of the application to be accessed such as .Stat Suite
@@ -48,13 +50,13 @@ with AdfsAuthentication.interactive(
 #### 2. To initialise the module for non-interactive use using a secret: 
 ```python
 from dotstat_io.authentication import AdfsAuthentication
-with AdfsAuthentication.nointeractive_with_secret(
+noninteractive_with_secret_obj = AdfsAuthentication.noninteractive_with_secret(
         client_id=client_id,
         sdmx_resource_id=sdmx_resource_id,
         scopes=scopes,
         authority_url=authority_url,
-        client_secret=client_secret) as Nointeractive_with_secret_obj:
-    access_token = Nointeractive_with_secret_obj.get_token()
+        client_secret=client_secret)
+
 ```
 * `client_id:` The Application (client) ID that the ADFS assigned to your app
 * `sdmx_resource_id:` The ID of the application to be accessed such as .Stat Suite
@@ -65,11 +67,11 @@ with AdfsAuthentication.nointeractive_with_secret(
 #### 3. To initialise the module for non-interactive use using windows client authentication:
 ```python
 from dotstat_io.authentication import AdfsAuthentication
-with AdfsAuthentication.nointeractive_with_adfs(
+noninteractive_with_adfs_obj = AdfsAuthentication.noninteractive_with_adfs(
         client_id=client_id,
         sdmx_resource_id=sdmx_resource_id,
-        token_url=token_url) as Nointeractive_with_adfs_obj:
-    access_token = Nointeractive_with_adfs_obj.get_token()
+        token_url=token_url)
+
 ```
 * `client_id:` The Application (client) ID that the ADFS assigned to your app
 * `sdmx_resource_id:` The ID of the application to be accessed such as .Stat Suite
@@ -84,12 +86,12 @@ access_token = [Authentication Object Name].get_token()
 #### 1. To initialise the module for Keycloak authentication:
 ```python
 from dotstat_io.authentication import KeycloakAuthentication
-with KeycloakAuthentication.nointeractive_with_secret(
+noninteractive_with_keycloak_obj = KeycloakAuthentication.noninteractive_with_secret(
         user=user,
         password=password, 
         token_url=token_url, 
-        proxy=proxy) as Nointeractive_with_keycloak_obj:
-    access_token = Nointeractive_with_keycloak_obj.get_token()
+        proxy=proxy)
+
 ```
 * `user:` User name for .Stat Suite authentication
 * `password:` User name's password
@@ -101,33 +103,47 @@ with KeycloakAuthentication.nointeractive_with_secret(
 access_token = [Authentication Object Name].get_token()
 ```
 
-### In Download_upload module, four methods are available:
-#### 1. To download a file from .Stat Suite:
+### In Client module, six methods are available:
+#### 1. To initialise the module using an Authentication object type AdfsAuthentication or KeycloakAuthentication:
+```python
+from dotstat_io.client import Client
+client_obj = Client.init_with_authentication_obj(Authentication_obj)
+```
+* `Authentication_obj:` An initialized authentication object type AdfsAuthentication or KeycloakAuthentication
+
+#### 2. To initialise the module using an access token:
+```python
+from dotstat_io.client import Client
+client_obj = Client.init_with_access_token(access_token)
+```
+* `access_token:` An access token to make requests on .Stat Suite services (nsiws) using the authorisation service and underlying permission rules
+
+#### 3. To download a file from .Stat Suite:
 ```python
-from dotstat_io.download_upload import Download_upload
-with Download_upload(adfsAuthentication_obj, access_token) as Download_upload_obj:
-    Returned_Message = Download_upload_obj.download_file(
+from dotstat_io.client import Client
+client_obj = Client.init_with_authentication_obj(Authentication_obj)
+returned_result = client_obj.download_data_file(
         dotstat_url, content_format, Path(file_path))
 ```
 * `dotstat_url:` URL of data to be downloaded from .Stat Suite
 * `content_format:` Format of the downloaded content
 * `file_path:` The full path where the file will downloaded
 
-#### 2. To download streamed content from .Stat Suite:
+#### 4. To download streamed content from .Stat Suite:
 ```python
-from dotstat_io.download_upload import Download_upload
-with Download_upload(adfsAuthentication_obj, access_token) as Download_upload_obj:
-    Returned_Message = Download_upload_obj.download_stream(
+from dotstat_io.client import Client
+client_obj = Client.init_with_authentication_obj(Authentication_obj)
+returned_result = client_obj.download_data_stream(
         dotstat_url, content_format)
 ```
 * `dotstat_url:` URL of data to be downloaded from .Stat Suite
 * `content_format:` Format of the downloaded content
 
-#### 3. To upload a data file to .Stat Suite:
+#### 5. To upload a data file to .Stat Suite:
 ```python
-from dotstat_io.download_upload import Download_upload
-with Download_upload(adfsAuthentication_obj, access_token) as Download_upload_obj:
-    Returned_Message = Download_upload_obj.upload_file(
+from dotstat_io.client import Client
+client_obj = Client.init_with_authentication_obj(Authentication_obj)
+returned_result = client_obj.upload_data_file(
         transfer_url, Path(file_path), space, validationType, use_filepath)
 ```
 * `transfer_url:` URL of the transfer service
@@ -136,15 +152,15 @@ with Download_upload(adfsAuthentication_obj, access_token) as Download_upload_ob
 * `validationType:` The type of validation to use during upload. Possible values: Basic Validation (0), Advanced Validation (1)
 * `use_filepath:` Use a file path of a shared folder accessible by the .Stat Suite data upload engine (for unlimited file sizes)
 
-#### 4. To upload a structure to .Stat Suite:
+#### 6. To upload a structure to .Stat Suite:
 ```python
-from dotstat_io.download_upload import Download_upload
-with Download_upload(adfsAuthentication_obj, access_token) as Download_upload_obj:
-    Returned_Message = Download_upload_obj.upload_structure(
+from dotstat_io.client import Client
+client_obj = Client.init_with_authentication_obj(Authentication_obj)
+returned_result = client_obj.upload_structure(
         transfer_url, Path(file_path))
 ```
 * `transfer_url:` URL of the transfer service
 * `file_path:` The full path of the SDMX-ML file, which will be uploaded to .Stat Suite
 
-### For more information about how to use this package, all test cases can be accessed from this [`link`](https://gitlab.algobank.oecd.org/sdd-legacy/dotstat_io/-/blob/main/tests/test_cases.py)
+### For more information about how to use this package, all test cases can be accessed from this [`link`](https://gitlab.algobank.oecd.org/SD_ENGINEERING/dotstat_io/dotstat_io-package/-/blob/main/tests/test_cases.py)
 

{dotstat_io-0.2.7 → dotstat_io-1.0.0}/README.md

@@ -1,4 +1,4 @@
-### DotStat_IO: 
+### DotStat_IO package: 
 A generic python package which could be integrated with other end-user applications and Gitlab runner to perform basic io with .Stat Suite. 
 Its role is to mask the complexities of authentication to connect to .Stat Suite.
 The user needs to provide a set of parameters and the package exposes a couple of methods which will download or upload data from/to .Stat Suite.
@@ -6,19 +6,19 @@ The user needs to provide a set of parameters and the package exposes a couple o
 ### This package contains three modules:
 - ADFSAuthentication module
 - KeycloakAuthentication module
-- Download_upload module
+- Client module
 
 ### In ADFSAuthentication module, four methods are available:
 #### 1. To initialise the module for interactive use:
 ```python
 from dotstat_io.authentication import AdfsAuthentication
-with AdfsAuthentication.interactive(
+interactive_obj = AdfsAuthentication.interactive(
         client_id=client_id,
         sdmx_resource_id=sdmx_resource_id,
         scopes=scopes,
         authority_url=authority_url,
-        redirect_port=redirect_port) as Interactive_obj:
-    access_token = Interactive_obj.get_token()
+        redirect_port=redirect_port)
+
 ```
 * `client_id:` The Application (client) ID that the ADFS assigned to your app
 * `sdmx_resource_id:` The ID of the application to be accessed such as .Stat Suite
@@ -29,13 +29,13 @@ with AdfsAuthentication.interactive(
 #### 2. To initialise the module for non-interactive use using a secret: 
 ```python
 from dotstat_io.authentication import AdfsAuthentication
-with AdfsAuthentication.nointeractive_with_secret(
+noninteractive_with_secret_obj = AdfsAuthentication.noninteractive_with_secret(
         client_id=client_id,
         sdmx_resource_id=sdmx_resource_id,
         scopes=scopes,
         authority_url=authority_url,
-        client_secret=client_secret) as Nointeractive_with_secret_obj:
-    access_token = Nointeractive_with_secret_obj.get_token()
+        client_secret=client_secret)
+
 ```
 * `client_id:` The Application (client) ID that the ADFS assigned to your app
 * `sdmx_resource_id:` The ID of the application to be accessed such as .Stat Suite
@@ -46,11 +46,11 @@ with AdfsAuthentication.nointeractive_with_secret(
 #### 3. To initialise the module for non-interactive use using windows client authentication:
 ```python
 from dotstat_io.authentication import AdfsAuthentication
-with AdfsAuthentication.nointeractive_with_adfs(
+noninteractive_with_adfs_obj = AdfsAuthentication.noninteractive_with_adfs(
         client_id=client_id,
         sdmx_resource_id=sdmx_resource_id,
-        token_url=token_url) as Nointeractive_with_adfs_obj:
-    access_token = Nointeractive_with_adfs_obj.get_token()
+        token_url=token_url)
+
 ```
 * `client_id:` The Application (client) ID that the ADFS assigned to your app
 * `sdmx_resource_id:` The ID of the application to be accessed such as .Stat Suite
@@ -65,12 +65,12 @@ access_token = [Authentication Object Name].get_token()
 #### 1. To initialise the module for Keycloak authentication:
 ```python
 from dotstat_io.authentication import KeycloakAuthentication
-with KeycloakAuthentication.nointeractive_with_secret(
+noninteractive_with_keycloak_obj = KeycloakAuthentication.noninteractive_with_secret(
         user=user,
         password=password, 
         token_url=token_url, 
-        proxy=proxy) as Nointeractive_with_keycloak_obj:
-    access_token = Nointeractive_with_keycloak_obj.get_token()
+        proxy=proxy)
+
 ```
 * `user:` User name for .Stat Suite authentication
 * `password:` User name's password
@@ -82,33 +82,47 @@ with KeycloakAuthentication.nointeractive_with_secret(
 access_token = [Authentication Object Name].get_token()
 ```
 
-### In Download_upload module, four methods are available:
-#### 1. To download a file from .Stat Suite:
+### In Client module, six methods are available:
+#### 1. To initialise the module using an Authentication object type AdfsAuthentication or KeycloakAuthentication:
+```python
+from dotstat_io.client import Client
+client_obj = Client.init_with_authentication_obj(Authentication_obj)
+```
+* `Authentication_obj:` An initialized authentication object type AdfsAuthentication or KeycloakAuthentication
+
+#### 2. To initialise the module using an access token:
+```python
+from dotstat_io.client import Client
+client_obj = Client.init_with_access_token(access_token)
+```
+* `access_token:` An access token to make requests on .Stat Suite services (nsiws) using the authorisation service and underlying permission rules
+
+#### 3. To download a file from .Stat Suite:
 ```python
-from dotstat_io.download_upload import Download_upload
-with Download_upload(adfsAuthentication_obj, access_token) as Download_upload_obj:
-    Returned_Message = Download_upload_obj.download_file(
+from dotstat_io.client import Client
+client_obj = Client.init_with_authentication_obj(Authentication_obj)
+returned_result = client_obj.download_data_file(
         dotstat_url, content_format, Path(file_path))
 ```
 * `dotstat_url:` URL of data to be downloaded from .Stat Suite
 * `content_format:` Format of the downloaded content
 * `file_path:` The full path where the file will downloaded
 
-#### 2. To download streamed content from .Stat Suite:
+#### 4. To download streamed content from .Stat Suite:
 ```python
-from dotstat_io.download_upload import Download_upload
-with Download_upload(adfsAuthentication_obj, access_token) as Download_upload_obj:
-    Returned_Message = Download_upload_obj.download_stream(
+from dotstat_io.client import Client
+client_obj = Client.init_with_authentication_obj(Authentication_obj)
+returned_result = client_obj.download_data_stream(
         dotstat_url, content_format)
 ```
 * `dotstat_url:` URL of data to be downloaded from .Stat Suite
 * `content_format:` Format of the downloaded content
 
-#### 3. To upload a data file to .Stat Suite:
+#### 5. To upload a data file to .Stat Suite:
 ```python
-from dotstat_io.download_upload import Download_upload
-with Download_upload(adfsAuthentication_obj, access_token) as Download_upload_obj:
-    Returned_Message = Download_upload_obj.upload_file(
+from dotstat_io.client import Client
+client_obj = Client.init_with_authentication_obj(Authentication_obj)
+returned_result = client_obj.upload_data_file(
         transfer_url, Path(file_path), space, validationType, use_filepath)
 ```
 * `transfer_url:` URL of the transfer service
@@ -117,14 +131,14 @@ with Download_upload(adfsAuthentication_obj, access_token) as Download_upload_ob
 * `validationType:` The type of validation to use during upload. Possible values: Basic Validation (0), Advanced Validation (1)
 * `use_filepath:` Use a file path of a shared folder accessible by the .Stat Suite data upload engine (for unlimited file sizes)
 
-#### 4. To upload a structure to .Stat Suite:
+#### 6. To upload a structure to .Stat Suite:
 ```python
-from dotstat_io.download_upload import Download_upload
-with Download_upload(adfsAuthentication_obj, access_token) as Download_upload_obj:
-    Returned_Message = Download_upload_obj.upload_structure(
+from dotstat_io.client import Client
+client_obj = Client.init_with_authentication_obj(Authentication_obj)
+returned_result = client_obj.upload_structure(
         transfer_url, Path(file_path))
 ```
 * `transfer_url:` URL of the transfer service
 * `file_path:` The full path of the SDMX-ML file, which will be uploaded to .Stat Suite
 
-### For more information about how to use this package, all test cases can be accessed from this [`link`](https://gitlab.algobank.oecd.org/sdd-legacy/dotstat_io/-/blob/main/tests/test_cases.py)
+### For more information about how to use this package, all test cases can be accessed from this [`link`](https://gitlab.algobank.oecd.org/SD_ENGINEERING/dotstat_io/dotstat_io-package/-/blob/main/tests/test_cases.py)

dotstat_io-1.0.0/dotstat_io/authentication.py

@@ -0,0 +1,340 @@
+import requests
+import os
+import msal
+import requests_kerberos
+import json
+import time
+
+from abc import ABC
+from enum import IntEnum
+from datetime import datetime
+
+# 
+class AuthenticationMode(IntEnum):
+    INTERACTIVE = 1
+    NONINTERACTIVE_WITH_SECRET = 2
+    NONINTERACTIVE_WITH_ADFS = 3
+
+# super class to manage authentication
+class Authentication(ABC):
+
+    # protected constants
+    _ERROR_OCCURRED = "An error occurred: "
+    _SUCCESS = "Successful authentication"
+
+    # protected variables
+    _access_token = None
+    _refresh_token = None
+    _creation_time = None
+    _expiration_time = None
+
+    # public variables
+    init_status = None
+
+    # Initialise authentication
+    def __init__(
+        self,
+	    client_id: str,
+        mode: AuthenticationMode,
+        client_secret: str = None,
+	    scopes: list[str] = [],
+	    token_url: str = None,
+        sdmx_resource_id: str = None,
+        authority_url: str = None,
+        redirect_port: int = 3000,
+	    user: str = None,
+        password: str = None,
+        proxy: str = None
+    ):
+        self._client_id = client_id
+        self._mode = mode
+        self._client_secret = client_secret
+        self._scopes = scopes     
+        self._token_url = token_url
+        self._sdmx_resource_id = sdmx_resource_id
+        self._authority_url = authority_url
+        self._redirect_port = redirect_port
+        self._user = user
+        self._password = password
+
+        if proxy:
+            self._proxies = {
+                "http": proxy,
+                "https": proxy
+            }
+        else:
+            self._proxies = None
+
+        #
+        self._initialize_token()
+
+    # 
+    def __enter__(self):
+        return self
+
+    # 
+    def __exit__(self, exc_type, exc_value, traceback):
+        self._access_token = None
+        self._refresh_token = None
+        self._creation_time = None
+        self._expiration_time = None
+        self.init_status = None
+
+    # 
+    def _initialize_token(self):
+        pass
+
+    # 
+    def get_token(self):
+        if (self._access_token is None) \
+               or (datetime.fromtimestamp(self._expiration_time) is not None \
+                   and datetime.now() >= datetime.fromtimestamp(self._expiration_time)):
+            self._initialize_token()
+
+        return self._access_token
+
+
+# sub class to manage ADFS authentication using OIDC flows
+class AdfsAuthentication(Authentication):
+    # 
+    def _initialize_token(self):
+        self._access_token = None
+        self._refresh_token = None
+        self._creation_time = None
+        self._expiration_time = None
+        self.init_status = None
+        match self._mode:
+            case AuthenticationMode.INTERACTIVE:
+                self._app = msal.PublicClientApplication(
+                    self._client_id, authority=self._authority_url)
+                self.__acquire_token_interactive()
+            case AuthenticationMode.NONINTERACTIVE_WITH_SECRET:
+                self._app = msal.ConfidentialClientApplication(
+                    self._client_id, authority=self._authority_url, client_credential=self._client_secret)
+                self.__acquire_token_noninteractive_with_secret()
+            case AuthenticationMode.NONINTERACTIVE_WITH_ADFS:
+                self.__acquire_token_noninteractive_with_adfs()
+
+    #           
+    @classmethod
+    def interactive(
+        cls, 
+        client_id: str, 
+        sdmx_resource_id: str, 
+        scopes: list[str], 
+        authority_url: str, 
+        redirect_port: int = 3000,
+        mode: AuthenticationMode = AuthenticationMode.INTERACTIVE
+    ):
+        return cls(
+            client_id=client_id, 
+            sdmx_resource_id=sdmx_resource_id, 
+            scopes=scopes, 
+            authority_url=authority_url,
+            redirect_port=redirect_port,
+            mode=mode
+        )
+
+    #
+    @classmethod
+    def noninteractive_with_secret(
+        cls, 
+        client_id: str, 
+        sdmx_resource_id: str,
+        scopes: list[str],
+        authority_url: str,
+        client_secret: str,
+        mode: AuthenticationMode = AuthenticationMode.NONINTERACTIVE_WITH_SECRET
+    ):
+        return cls(
+            client_id=client_id,
+            sdmx_resource_id=sdmx_resource_id,
+            scopes=scopes,
+            authority_url=authority_url,   
+            client_secret=client_secret,  
+            mode=mode
+            )
+
+    #
+    @classmethod
+    def noninteractive_with_adfs(
+        cls, 
+        client_id: str, 
+        sdmx_resource_id: str,
+        token_url: str,
+        mode: AuthenticationMode = AuthenticationMode.NONINTERACTIVE_WITH_ADFS
+    ):
+        return cls(
+            client_id=client_id, 
+            sdmx_resource_id=sdmx_resource_id,
+            token_url=token_url,
+            mode=mode)
+
+    # Authentication interactively - aka Authorization Code flow
+    def __acquire_token_interactive(self):
+        try:
+            # We now check the cache to see
+            # whether we already have some accounts that the end user already used to sign in before.
+            accounts = self._app.get_accounts()
+            if accounts:
+                account = accounts[0]
+            else:
+                account = None
+
+            # Firstly, looks up a access_token from cache, or using a refresh token
+            response_silent = self._app.acquire_token_silent(
+                self._scopes, account=account)
+            if not response_silent:
+                # Prompt the user to sign in interactively
+                response_interactive = self._app.acquire_token_interactive(
+                    scopes=self._scopes, port=self._redirect_port)
+                if "access_token" in response_interactive:
+                    self._access_token = response_interactive.get("access_token")
+                    self._refresh_token = response_interactive.get("refresh_token")
+                    self._creation_time = time.time()
+                    self._expiration_time = time.time() + int(response_interactive.get("expires_in")) -  60 # one minute margin
+                    self.init_status = self._SUCCESS
+                else:
+                    self.init_status = f'{self._ERROR_OCCURRED}{response_interactive.get("error")} Error description: {response_interactive.get("error_description")}'
+            else:
+                if "access_token" in response_silent:
+                    self._access_token = response_silent.get("access_token")
+                    self._refresh_token = response_silent.get("refresh_token")
+                    self._creation_time = time.time()
+                    self._expiration_time = time.time() + int(response_silent.get("expires_in")) -  60 # one minute margin
+                    self.init_status = self._SUCCESS
+                else:
+                    self.init_status = f'{self._ERROR_OCCURRED}{response_silent.get("error")} Error description: {response_silent.get("error_description")}'
+        except Exception as err:
+            self.init_status = f'{self._ERROR_OCCURRED}{err}\n'
+
+    # Authentication non-interactively using any account - aka Client Credentials flow
+    def __acquire_token_noninteractive_with_secret(self):
+        try:
+            response = self._app.acquire_token_for_client(scopes=self._scopes)
+            if "access_token" in response:
+                self._access_token = response.get("access_token")
+                self._creation_time = time.time()
+                self._expiration_time = time.time() + int(response.get("expires_in")) -  60 # one minute margin
+                self.init_status = self._SUCCESS
+            else:
+                self.init_status = f'{self._ERROR_OCCURRED}{response.get("error")} Error description: {response.get("error_description")}'
+
+        except Exception as err:
+            self.init_status = f'{self._ERROR_OCCURRED}{err}\n'
+
+    # Authentication non-interactively using service account - aka Windows Client Authentication
+    def __acquire_token_noninteractive_with_adfs(self):
+        try:
+            headers = {
+                "Content-Type": "application/x-www-form-urlencoded"
+            }
+
+            payload = {
+                'client_id': self._client_id,
+                'use_windows_client_authentication': 'true',
+                'grant_type': 'client_credentials',
+                'scope': 'openid',
+                'resource': self._sdmx_resource_id
+            }
+
+            kerberos_auth = requests_kerberos.HTTPKerberosAuth(
+                mutual_authentication=requests_kerberos.OPTIONAL, force_preemptive=True)
+            response = requests.post(url=self._token_url, data=payload, auth=kerberos_auth)
+
+            # If the response object cannot be converted to json, return an error
+            results_json = None
+            try:
+                results_json = json.loads(response.text)
+                if response.status_code == 200:
+                    self._access_token = results_json['access_token']
+                    self._creation_time = time.time()
+                    self._expiration_time = time.time() + int(results_json['expires_in']) -  60 # one minute margin
+                    self.init_status = self._SUCCESS
+                else:
+                    message = f'{self._ERROR_OCCURRED} Error code: {response.status_code}'
+                    if len(str(response.reason)) > 0:
+                        message += os.linesep + 'Reason: ' + str(response.reason) + os.linesep
+                    if len(response.text) > 0:
+                        message += f'{self._ERROR_OCCURRED}{results_json.get("error")} Error description: {results_json.get("error_description")}\n'
+                        
+                    self.init_status = message
+            except ValueError as err:
+                if len(response.text) > 0:
+                    self.init_status = self._ERROR_OCCURRED + os.linesep + str(response.text)
+                else:
+                    self.init_status = self._ERROR_OCCURRED + os.linesep + str(err)
+        except Exception as err:
+            self.init_status = f'{self._ERROR_OCCURRED} {err}\n'
+
+
+# sub class to manage Keycloak authentication
+class KeycloakAuthentication(Authentication):    
+    #
+    def _initialize_token(self):
+        self._access_token = None
+        self._refresh_token = None
+        self._creation_time = None
+        self._expiration_time = None
+        self.init_status = None
+        match self._mode:
+            case AuthenticationMode.NONINTERACTIVE_WITH_SECRET:
+                self.__acquire_token_noninteractive_with_secret()
+
+    #
+    @classmethod
+    def noninteractive_with_secret(
+        cls, 
+        token_url: str,
+        user: str,
+        password: str,
+        client_id: str = "app",
+        client_secret: str = "",
+        proxy: str | None = None,
+        scopes: list[str] = [],
+        mode: AuthenticationMode = AuthenticationMode.NONINTERACTIVE_WITH_SECRET
+    ):
+        return cls(           
+            token_url=token_url,
+            user=user,
+            password=password,
+            client_id=client_id,   
+            client_secret=client_secret,
+            scopes=scopes,
+            proxy=proxy,  
+            mode=mode
+            )
+
+    # Authentication non-interactively using any account - aka Client Credentials flow
+    def __acquire_token_noninteractive_with_secret(self):
+        try:
+            payload = {
+            'grant_type': 'password',
+            'client_id': self._client_id,
+            'client_secret': self._client_secret,
+            'username': self._user,
+            'password': self._password
+            }
+
+            headers = {"Content-Type": "application/x-www-form-urlencoded"}
+
+            response = requests.post(self._token_url, proxies=self._proxies, headers=headers, data=payload)
+            if response.status_code not in {200, 201}:
+                self.init_status = f'{self._ERROR_OCCURRED}{response}'
+            else:
+                # If the response object cannot be converted to json, return an error
+                results_json = None
+                try:
+                    results_json = json.loads(response.text)
+                    self._access_token = results_json['access_token']
+                    self._refresh_token = results_json['refresh_token']
+                    self._creation_time = time.time()
+                    self._expiration_time = time.time() + int(results_json['expires_in']) -  60 # one minute margin
+                    self.init_status = self._SUCCESS
+                except ValueError as err:
+                    if len(response.text) > 0:
+                        self.init_status = self._ERROR_OCCURRED + os.linesep + str(response.text)
+                    else:
+                        self.init_status = self._ERROR_OCCURRED + os.linesep + str(err)
+        except Exception as err:
+            self.init_status = f'{self._ERROR_OCCURRED}{err}\n'