pypomes-iam 0.5.6__py3-none-any.whl → 0.5.8__py3-none-any.whl

pypomes_iam/iam_services.py

@@ -3,17 +3,102 @@ from flask import Request, Response, request, jsonify
 from logging import Logger
 from typing import Any
 
-from .iam_common import IamServer, _iam_lock, _iam_server_from_endpoint
+from .iam_common import (
+    IamServer, IamParam, _iam_lock,
+    _get_iam_registry, _get_public_key,
+    _iam_server_from_endpoint, _iam_server_from_issuer
+)
 from .iam_actions import (
     action_login, action_logout,
     action_token, action_exchange, action_callback
 )
+from .token_pomes import token_get_claims, token_validate
 
 # the logger for IAM service operations
 # (used exclusively at the HTTP endpoints - all other functions receive the logger as parameter)
 __IAM_LOGGER: Logger | None = None
 
 
+def jwt_required(func: callable) -> callable:
+    """
+    Create a decorator to authenticate service endpoints with JWT tokens.
+
+    :param func: the function being decorated
+    """
+    # ruff: noqa: ANN003 - Missing type annotation for *{name}
+    def wrapper(*args, **kwargs) -> Response:
+        response: Response = __request_validate(request=request)
+        return response if response else func(*args, **kwargs)
+
+    # prevent a rogue error ("View function mapping is overwriting an existing endpoint function")
+    wrapper.__name__ = func.__name__
+
+    return wrapper
+
+
+def __request_validate(request: Request) -> Response:
+    """
+    Verify whether the HTTP *request* has the proper authorization, as per the JWT standard.
+
+    This implementation assumes that HTTP requests are handled with the *Flask* framework.
+    Because this code has a high usage frequency, only authentication failures are logged.
+
+    :param request: the *request* to be verified
+    :return: *None* if the *request* is valid, otherwise a *Response* reporting the error
+    """
+    # initialize the return variable
+    result: Response | None = None
+
+    # retrieve the authorization from the request header
+    auth_header: str = request.headers.get("Authorization")
+
+    # validate the authorization token
+    bad_token: bool = True
+    if auth_header and auth_header.startswith("Bearer "):
+        # extract and validate the JWT access token
+        token: str = auth_header.split(" ")[1]
+        claims: dict[str, Any] = token_get_claims(token=token)
+        if claims:
+            issuer: str = claims["payload"].get("iss")
+            recipient_attr: str | None = None
+            recipient_id: str = request.values.get("user-id") or request.values.get("login")
+            with _iam_lock:
+                iam_server: IamServer = _iam_server_from_issuer(issuer=issuer,
+                                                                errors=None,
+                                                                logger=__IAM_LOGGER)
+                if iam_server:
+                    # validate the token's recipient only if a user identification is provided
+                    if recipient_id:
+                        registry: dict[str, Any] = _get_iam_registry(iam_server=iam_server,
+                                                                     errors=None,
+                                                                     logger=__IAM_LOGGER)
+                        if registry:
+                            recipient_attr = registry[IamParam.RECIPIENT_ATTR]
+                    public_key: str = _get_public_key(iam_server=iam_server,
+                                                      errors=None,
+                                                      logger=__IAM_LOGGER)
+            # validate the token (log errors, only)
+            errors: list[str] = []
+            if public_key and token_validate(token=token,
+                                             issuer=issuer,
+                                             recipient_id=recipient_id,
+                                             recipient_attr=recipient_attr,
+                                             public_key=public_key,
+                                             errors=errors):
+                # token is valid
+                bad_token = False
+            elif __IAM_LOGGER:
+                __IAM_LOGGER.error("; ".join(errors))
+        if bad_token and __IAM_LOGGER:
+            __IAM_LOGGER.error(f"Authorization refused for token {token}")
+
+    # deny the authorization
+    if bad_token:
+        result = Response(response="Authorization failed",
+                          status=401)
+    return result
+
+
 def logger_register(logger: Logger) -> None:
     """
     Register the logger for HTTP services.
@@ -171,9 +256,9 @@ def service_callback() -> Response:
     else:
         result = jsonify({"user-id": token_data[0],
                           "access-token": token_data[1]})
-    # log the response
     if __IAM_LOGGER:
-        __IAM_LOGGER.debug(msg=f"Response {result}, {result.get_data(as_text=True)}")
+        # log the response (the returned data is not logged, as it contains the token)
+        __IAM_LOGGER.debug(msg=f"Response {result}")
 
     return result
 
@@ -232,9 +317,9 @@ def service_token() -> Response:
     else:
         result = jsonify({"user-id": user_id,
                           "access-token": token})
-    # log the response
     if __IAM_LOGGER:
-        __IAM_LOGGER.debug(msg=f"Response {result}, {result.get_data(as_text=True)}")
+        # log the response (the returned data is not logged, as it contains the token)
+        __IAM_LOGGER.debug(msg=f"Response {result}")
 
     return result
 

pypomes_iam/provider_pomes.py

@@ -3,22 +3,42 @@ import requests
 import sys
 from base64 import b64encode
 from datetime import datetime
+from enum import StrEnum
 from logging import Logger
 from pypomes_core import TZ_LOCAL, exc_format
 from threading import Lock
 from typing import Any, Final
 
+
+class ProviderParam(StrEnum):
+    """
+    Parameters for configuring a *JWT* token provider.
+    """
+    URL = "url"
+    USER = "user"
+    PWD = "pwd"
+    CUSTOM_AUTH = "custom-auth"
+    HEADER_DATA = "headers-data"
+    BODY_DATA = "body-data"
+    ACCESS_TOKEN = "access-token"
+    ACCESS_EXPIRATION = "access-expiration"
+    REFRESH_TOKEN = "refresh-token"
+    REFRESH_EXPIRATION = "refresh-expiration"
+
+
 # structure:
 # {
 #    <provider-id>: {
 #      "url": <strl>,
 #      "user": <str>,
 #      "pwd": <str>,
-#      "basic-auth": <bool>,
+#      "custom-auth": <bool>,
 #      "headers-data": <dict[str, str]>,
 #      "body-data": <dict[str, str],
 #      "access-token": <str>,
-#      "access-expiration": <timestamp>
+#      "access-expiration": <timestamp>,
+#      "refresh-token": <str>,
+#      "refresh-expiration": <timestamp>
 #    }
 # }
 _provider_registry: Final[dict[str, dict[str, Any]]] = {}
@@ -58,16 +78,16 @@ def provider_register(provider_id: str,
 
     with _provider_lock:
         _provider_registry[provider_id] = {
-            "url": auth_url,
-            "user": auth_user,
-            "pwd": auth_pwd,
-            "custom-auth": custom_auth,
-            "headers-data": headers_data,
-            "body-data": body_data,
-            "access-token": None,
-            "access-expiration": 0,
-            "refresh-token": None,
-            "refresh-expiration": 0
+            ProviderParam.URL: auth_url,
+            ProviderParam.USER: auth_user,
+            ProviderParam.PWD: auth_pwd,
+            ProviderParam.CUSTOM_AUTH: custom_auth,
+            ProviderParam.HEADER_DATA: headers_data,
+            ProviderParam.BODY_DATA: body_data,
+            ProviderParam.ACCESS_TOKEN: None,
+            ProviderParam.ACCESS_EXPIRATION: 0,
+            ProviderParam.REFRESH_TOKEN: None,
+            ProviderParam.REFRESH_EXPIRATION: 0
         }
 
 
@@ -91,19 +111,19 @@ def provider_get_token(provider_id: str,
         provider: dict[str, Any] = _provider_registry.get(provider_id)
         if provider:
             now: float = datetime.now(tz=TZ_LOCAL).timestamp()
-            if now > provider.get("access-expiration"):
-                user: str = provider.get("user")
-                pwd: str = provider.get("pwd")
-                headers_data: dict[str, str] = provider.get("headers-data") or {}
-                body_data: dict[str, str] = provider.get("body-data") or {}
-                custom_auth: tuple[str, str] = provider.get("custom-auth")
+            if now > provider.get(ProviderParam.ACCESS_EXPIRATION):
+                user: str = provider.get(ProviderParam.USER)
+                pwd: str = provider.get(ProviderParam.PWD)
+                headers_data: dict[str, str] = provider.get(ProviderParam.HEADER_DATA) or {}
+                body_data: dict[str, str] = provider.get(ProviderParam.BODY_DATA) or {}
+                custom_auth: tuple[str, str] = provider.get(ProviderParam.CUSTOM_AUTH)
                 if custom_auth:
                     body_data[custom_auth[0]] = user
                     body_data[custom_auth[1]] = pwd
                 else:
                     enc_bytes: bytes = b64encode(f"{user}:{pwd}".encode())
                     headers_data["Authorization"] = f"Basic {enc_bytes.decode()}"
-                url: str = provider.get("url")
+                url: str = provider.get(ProviderParam.URL)
                 if logger:
                     logger.debug(msg=f"POST {url}, {json.dumps(obj=body_data,
                                                                ensure_ascii=False)}")
@@ -130,14 +150,14 @@ def provider_get_token(provider_id: str,
                         if logger:
                             logger.debug(msg=f"POST success, status {response.status_code}")
                         reply: dict[str, Any] = response.json()
-                        provider["access-token"] = reply.get("access_token")
-                        provider["access-expiration"] = now + int(reply.get("expires_in"))
-                        if reply.get("refresh_token"):
-                            provider["refresh-token"] = reply["refresh_token"]
+                        provider[ProviderParam.ACCESS_TOKEN] = reply.get("access_token")
+                        provider[ProviderParam.ACCESS_EXPIRATION] = now + int(reply.get("expires_in"))
+                        if reply.get(ProviderParam.REFRESH_TOKEN):
+                            provider[ProviderParam.REFRESH_TOKEN] = reply["refresh_token"]
                             if reply.get("refresh_expires_in"):
-                                provider["refresh-expiration"] = now + int(reply.get("refresh_expires_in"))
+                                provider[ProviderParam.REFRESH_EXPIRATION] = now + int(reply.get("refresh_expires_in"))
                             else:
-                                provider["refresh-expiration"] = sys.maxsize
+                                provider[ProviderParam.REFRESH_EXPIRATION] = sys.maxsize
                         if logger:
                             logger.debug(msg=f"POST {url}: status {response.status_code}")
                 except Exception as e:
@@ -154,7 +174,7 @@ def provider_get_token(provider_id: str,
         if logger:
             logger.error(msg=err_msg)
     else:
-        result = provider.get("access-token")
+        result = provider.get(ProviderParam.ACCESS_TOKEN)
 
     return result
 

pypomes_iam/token_pomes.py

@@ -117,8 +117,6 @@ def token_validate(token: str,
             "verify_nbf": False,
             "verify_signature": token_alg in ["RS256", "RS512"] and public_key is not None
         }
-        if issuer:
-            options["require"].append("iss")
         try:
             # raises:
             #   InvalidTokenError: token is invalid

{pypomes_iam-0.5.6.dist-info → pypomes_iam-0.5.8.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_iam
-Version: 0.5.6
+Version: 0.5.8
 Summary: A collection of Python pomes, penyeach (IAM modules)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-IAM
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-IAM/issues

pypomes_iam-0.5.8.dist-info/RECORD

@@ -0,0 +1,11 @@
+pypomes_iam/__init__.py,sha256=f-2W_zrCmXExubJPExQrhAwGpiQCmybEC_wguRYFHsw,994
+pypomes_iam/iam_actions.py,sha256=Bmd8rBg3948Afsg10B6B1ZrFY4wYtbxi55rX4Rlqiyk,39167
+pypomes_iam/iam_common.py,sha256=I-HtwpvrhByTbOoSQrMktjpbYgeIPlYM1YC6wkFUhI4,18251
+pypomes_iam/iam_pomes.py,sha256=BetEVGv41wkcP9E1wRvYiQgmJElDXH4Iz8qgf7iH6X0,5617
+pypomes_iam/iam_services.py,sha256=IkCjrKDX1Ix7BiHh-BL3VKz5xogcNC8prXkHyJzQoZ8,15862
+pypomes_iam/provider_pomes.py,sha256=N0nL9_hgHmAjG9JKFoXC33zk8b1ckPG1veu1jTp-2JE,8045
+pypomes_iam/token_pomes.py,sha256=K4nSAotKUoHIE2s3ltc_nVimlNeKS9tnD-IlslkAvkk,6626
+pypomes_iam-0.5.8.dist-info/METADATA,sha256=Q60cQU69Gbay_IjFewESe9P4O4Z6mQ5tz_tYvw7yIMM,694
+pypomes_iam-0.5.8.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+pypomes_iam-0.5.8.dist-info/licenses/LICENSE,sha256=YvUELgV8qvXlaYsy9hXG5EW3Bmsrkw-OJmmILZnonAc,1086
+pypomes_iam-0.5.8.dist-info/RECORD,,

pypomes_iam/jusbr_pomes.py

@@ -1,125 +0,0 @@
-from cachetools import Cache, FIFOCache
-from flask import Flask
-from logging import Logger
-from pypomes_core import (
-    APP_PREFIX, env_get_int, env_get_str
-)
-from typing import Any, Final
-
-from .iam_common import _IAM_SERVERS, IamServer, _iam_lock
-from .iam_actions import action_token
-
-JUSBR_CLIENT_ID: Final[str] = env_get_str(key=f"{APP_PREFIX}_JUSBR_CLIENT_ID")
-JUSBR_CLIENT_SECRET: Final[str] = env_get_str(key=f"{APP_PREFIX}_JUSBR_CLIENT_SECRET")
-JUSBR_CLIENT_TIMEOUT: Final[int] = env_get_int(key=f"{APP_PREFIX}_JUSBR_CLIENT_TIMEOUT")
-
-JUSBR_ENDPOINT_CALLBACK: Final[str] = env_get_str(key=f"{APP_PREFIX}_JUSBR_ENDPOINT_CALLBACK",
-                                                  def_value="/iam/jusbr:callback")
-JUSBR_ENDPOINT_LOGIN: Final[str] = env_get_str(key=f"{APP_PREFIX}_JUSBR_ENDPOINT_LOGIN",
-                                               def_value="/iam/jusbr:login")
-JUSBR_ENDPOINT_LOGOUT: Final[str] = env_get_str(key=f"{APP_PREFIX}_JUSBR_ENDPOINT_LOGOUT",
-                                                def_value="/iam/jusbr:logout")
-JUSBR_ENDPOINT_TOKEN: Final[str] = env_get_str(key=f"{APP_PREFIX}_JUSBR_ENDPOINT_TOKEN",
-                                               def_value="/iam/jusbr:get-token")
-
-JUSBR_PUBLIC_KEY_LIFETIME: Final[int] = env_get_int(key=f"{APP_PREFIX}_JUSBR_PUBLIC_KEY_LIFETIME",
-                                                    def_value=86400)  # 24 hours
-JUSBR_REALM: Final[str] = env_get_str(key=f"{APP_PREFIX}_JUSBR_REALM")
-JUSBR_RECIPIENT_ATTR: Final[str] = env_get_str(key=f"{APP_PREFIX}_JUSBR_RECIPIENT_ATTR",
-                                               def_value="preferred_username")
-JUSBR_URL_AUTH_BASE: Final[str] = env_get_str(key=f"{APP_PREFIX}_JUSBR_URL_AUTH_BASE")
-
-
-def jusbr_setup(flask_app: Flask,
-                base_url: str = JUSBR_URL_AUTH_BASE,
-                realm: str = JUSBR_REALM,
-                client_id: str = JUSBR_CLIENT_ID,
-                client_secret: str = JUSBR_CLIENT_SECRET,
-                client_timeout: int = JUSBR_CLIENT_TIMEOUT,
-                public_key_lifetime: int | None = JUSBR_PUBLIC_KEY_LIFETIME,
-                recipient_attribute: str | None = JUSBR_RECIPIENT_ATTR,
-                callback_endpoint: str | None = JUSBR_ENDPOINT_CALLBACK,
-                login_endpoint: str | None = JUSBR_ENDPOINT_LOGIN,
-                logout_endpoint: str | None = JUSBR_ENDPOINT_LOGOUT,
-                token_endpoint: str | None = JUSBR_ENDPOINT_TOKEN) -> None:
-    """
-    Configure the JusBR IAM.
-
-    This should be invoked only once, before the first access to a JusBR service.
-
-    :param flask_app: the Flask application
-    :param base_url: base URL to request JusBR services
-    :param realm: the JusBR realm
-    :param client_id: the client's identification with JusBR
-    :param client_secret: the client's password with JusBR
-    :param client_timeout: timeout for login authentication (in seconds,defaults to no timeout)
-    :param public_key_lifetime: how long to use JusBR's public key, before refreshing it (in seconds)
-    :param recipient_attribute: attribute in the token's payload holding the token's subject
-    :param callback_endpoint: endpoint for the callback from JusBR
-    :param login_endpoint: endpoint for redirecting user to JusBR's login page
-    :param logout_endpoint: endpoint for terminating user access to JusBR
-    :param token_endpoint: endpoint for retrieving JusBR's authentication token
-    """
-    from .iam_services import service_login, service_logout, service_callback, service_token
-
-    # configure the JusBR registry
-    cache: Cache = FIFOCache(maxsize=1048576)
-    cache["users"] = {}
-    with _iam_lock:
-        _IAM_SERVERS[IamServer.IAM_JUSRBR] = {
-            "base-url": f"{base_url}/realms/{realm}",
-            "client-id": client_id,
-            "client-secret": client_secret,
-            "client-timeout": client_timeout,
-            "public-key": None,
-            "pk-lifetime": public_key_lifetime,
-            "pk-expiration": 0,
-            "recipient-attr": recipient_attribute,
-            "cache": cache
-        }
-
-    # establish the endpoints
-    if callback_endpoint:
-        flask_app.add_url_rule(rule=callback_endpoint,
-                               endpoint="jusbr-callback",
-                               view_func=service_callback,
-                               methods=["GET"])
-    if login_endpoint:
-        flask_app.add_url_rule(rule=login_endpoint,
-                               endpoint="jusbr-login",
-                               view_func=service_login,
-                               methods=["GET"])
-    if logout_endpoint:
-        flask_app.add_url_rule(rule=logout_endpoint,
-                               endpoint="jusbr-logout",
-                               view_func=service_logout,
-                               methods=["GET"])
-    if token_endpoint:
-        flask_app.add_url_rule(rule=token_endpoint,
-                               endpoint="jusbr-token",
-                               view_func=service_token,
-                               methods=["GET"])
-
-
-def jusbr_get_token(user_id: str,
-                    errors: list[str] = None,
-                    logger: Logger = None) -> str:
-    """
-    Retrieve a JusBR authentication token for *user_id*.
-
-    :param user_id: the user's identification
-    :param errors: incidental errors
-    :param logger: optional logger
-    :return: the uthentication tokem
-    """
-    # declare the return variable
-    result: str
-
-    # retrieve the token
-    args: dict[str, Any] = {"user-id": user_id}
-    with _iam_lock:
-        result = action_token(iam_server=IamServer.IAM_JUSRBR,
-                              args=args,
-                              errors=errors,
-                              logger=logger)
-    return result

pypomes_iam/keycloak_pomes.py

@@ -1,136 +0,0 @@
-from cachetools import Cache, FIFOCache
-from flask import Flask
-from logging import Logger
-from pypomes_core import (
-    APP_PREFIX, env_get_int, env_get_str
-)
-from typing import Any, Final
-
-from .iam_common import _IAM_SERVERS, IamServer, _iam_lock
-from .iam_actions import action_token
-
-KEYCLOAK_CLIENT_ID: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK_CLIENT_ID")
-KEYCLOAK_CLIENT_SECRET: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK_CLIENT_SECRET")
-KEYCLOAK_CLIENT_TIMEOUT: Final[int] = env_get_int(key=f"{APP_PREFIX}_KEYCLOAK_CLIENT_TIMEOUT")
-
-KEYCLOAK_ENDPOINT_CALLBACK: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK_ENDPOINT_CALLBACK",
-                                                     def_value="/iam/ijud:callback")
-KEYCLOAK_ENDPOINT_EXCHANGE: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK_ENDPOINT_EXCHANGE",
-                                                     def_value="/iam/ijud:exchange-token")
-KEYCLOAK_ENDPOINT_LOGIN: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK_ENDPOINT_LOGIN",
-                                                  def_value="/iam/ijud:login")
-KEYCLOAK_ENDPOINT_LOGOUT: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK_ENDPOINT_LOGOUT",
-                                                   def_value="/iam/ijud:logout")
-KEYCLOAK_ENDPOINT_TOKEN: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK_ENDPOINT_TOKEN",
-                                                  def_value="/iam/ijud:get-token")
-
-KEYCLOAK_PUBLIC_KEY_LIFETIME: Final[int] = env_get_int(key=f"{APP_PREFIX}_KEYCLOAK_PUBLIC_KEY_LIFETIME",
-                                                       def_value=86400)  # 24 hours
-KEYCLOAK_REALM: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK_REALM")
-KEYCLOAK_RECIPIENT_ATTR: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK_RECIPIENT_ATTR",
-                                                  def_value="preferred_username")
-KEYCLOAK_URL_AUTH_BASE: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK_URL_AUTH_BASE")
-
-
-def keycloak_setup(flask_app: Flask,
-                   base_url: str = KEYCLOAK_URL_AUTH_BASE,
-                   realm: str = KEYCLOAK_REALM,
-                   client_id: str = KEYCLOAK_CLIENT_ID,
-                   client_secret: str = KEYCLOAK_CLIENT_SECRET,
-                   client_timeout: int = KEYCLOAK_CLIENT_TIMEOUT,
-                   public_key_lifetime: int | None = KEYCLOAK_PUBLIC_KEY_LIFETIME,
-                   recipient_attribute: str | None = KEYCLOAK_RECIPIENT_ATTR,
-                   callback_endpoint: str | None = KEYCLOAK_ENDPOINT_CALLBACK,
-                   login_endpoint: str | None = KEYCLOAK_ENDPOINT_LOGIN,
-                   logout_endpoint: str | None = KEYCLOAK_ENDPOINT_LOGOUT,
-                   token_endpoint: str | None = KEYCLOAK_ENDPOINT_TOKEN,
-                   exchange_endpoint: str | None = KEYCLOAK_ENDPOINT_EXCHANGE) -> None:
-    """
-    Configure the Keycloak IAM.
-
-    This should be invoked only once, before the first access to a Keycloak service.
-
-    :param flask_app: the Flask application
-    :param base_url: base URL to request Keycloak services
-    :param realm: the Keycloak realm
-    :param client_id: the client's identification with JusBR
-    :param client_secret: the client's password with JusBR
-    :param client_timeout: timeout for login authentication (in seconds,defaults to no timeout)
-    :param public_key_lifetime: how long to use Keycloak's public key, before refreshing it (in seconds)
-    :param recipient_attribute: attribute in the token's payload holding the token's subject
-    :param callback_endpoint: endpoint for the callback from the front end
-    :param login_endpoint: endpoint for redirecting user to Keycloak's login page
-    :param logout_endpoint: endpoint for terminating user access to Keycloak
-    :param token_endpoint: endpoint for retrieving Keycloak's authentication token
-    :param exchange_endpoint: endpoint for requesting token exchange
-    """
-    from .iam_services import (
-        service_login, service_logout, service_callback, service_exchange, service_token
-    )
-
-    # configure the Keycloak registry
-    cache: Cache = FIFOCache(maxsize=1048576)
-    cache["users"] = {}
-    with _iam_lock:
-        _IAM_SERVERS[IamServer.IAM_KEYCLOAK] = {
-            "base-url": f"{base_url}/realms/{realm}",
-            "client-id": client_id,
-            "client-secret": client_secret,
-            "client-timeout": client_timeout,
-            "public-key": None,
-            "pk-lifetime": public_key_lifetime,
-            "pk-expiration": 0,
-            "recipient-attr": recipient_attribute,
-            "cache": cache
-        }
-
-    # establish the endpoints
-    if callback_endpoint:
-        flask_app.add_url_rule(rule=callback_endpoint,
-                               endpoint="keycloak-callback",
-                               view_func=service_callback,
-                               methods=["GET"])
-    if login_endpoint:
-        flask_app.add_url_rule(rule=login_endpoint,
-                               endpoint="keycloak-login",
-                               view_func=service_login,
-                               methods=["GET"])
-    if logout_endpoint:
-        flask_app.add_url_rule(rule=logout_endpoint,
-                               endpoint="keycloak-logout",
-                               view_func=service_logout,
-                               methods=["GET"])
-    if token_endpoint:
-        flask_app.add_url_rule(rule=token_endpoint,
-                               endpoint="keycloak-token",
-                               view_func=service_token,
-                               methods=["GET"])
-    if exchange_endpoint:
-        flask_app.add_url_rule(rule=exchange_endpoint,
-                               endpoint="keycloak-exchange",
-                               view_func=service_exchange,
-                               methods=["POST"])
-
-
-def keycloak_get_token(user_id: str,
-                       errors: list[str] = None,
-                       logger: Logger = None) -> str:
-    """
-    Retrieve a Keycloak authentication token for *user_id*.
-
-    :param user_id: the user's identification
-    :param errors: incidental errors
-    :param logger: optional logger
-    :return: the uthentication tokem
-    """
-    # declare the return variable
-    result: str
-
-    # retrieve the token
-    args: dict[str, Any] = {"user-id": user_id}
-    with _iam_lock:
-        result = action_token(iam_server=IamServer.IAM_KEYCLOAK,
-                              args=args,
-                              errors=errors,
-                              logger=logger)
-    return result

pypomes_iam-0.5.6.dist-info/RECORD

@@ -1,13 +0,0 @@
-pypomes_iam/__init__.py,sha256=ip9p9-0qCaRPuMVae2JTLZHq6-OPgNKBIL6t6PaSHWg,1180
-pypomes_iam/iam_actions.py,sha256=0x5kPaDor2rHiOznyF9DLzsNRGLleB66K6RJBPaJkBc,24178
-pypomes_iam/iam_common.py,sha256=Xu3Jz-wXzYtEk1hi06lFJ997e9n77I_eeRbpRQ2qCy4,10365
-pypomes_iam/iam_pomes.py,sha256=yA0ZRaD-fp7aZZ-yDnFlh6CvCsEWd-Tf123twQoTPGg,3456
-pypomes_iam/iam_services.py,sha256=ZwSwCiA3XssjG_HgTdkkKtdnQg9UjuqlvFhWVPQfSH8,11871
-pypomes_iam/jusbr_pomes.py,sha256=X_YgY45122tflAzQdAMEcEyVbPvzFigjHLal0qL1v_M,5916
-pypomes_iam/keycloak_pomes.py,sha256=FGdkPjVGEDp5Pwfav4EIc9uSbT4_pG7oPqaiHeJBSLU,6763
-pypomes_iam/provider_pomes.py,sha256=CdEjYjepGXsehn_ujljUQKs0Ws7xNOzBYG6wKp9C7-E,7233
-pypomes_iam/token_pomes.py,sha256=Bz9pT2oU6jTEr_ZEZEJ3kUjH3TfxRyY1_vR319v6CEo,6692
-pypomes_iam-0.5.6.dist-info/METADATA,sha256=ZowLxR_xl3hWHutcz_hGAhvW0B1vsIyIIrrCnwF5uXg,694
-pypomes_iam-0.5.6.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-pypomes_iam-0.5.6.dist-info/licenses/LICENSE,sha256=YvUELgV8qvXlaYsy9hXG5EW3Bmsrkw-OJmmILZnonAc,1086
-pypomes_iam-0.5.6.dist-info/RECORD,,