pypomes-iam 0.8.1__tar.gz → 0.9.1__tar.gz

{pypomes_iam-0.8.1 → pypomes_iam-0.9.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_iam
-Version: 0.8.1
+Version: 0.9.1
 Summary: A collection of Python pomes, penyeach (IAM modules)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-IAM
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-IAM/issues

{pypomes_iam-0.8.1 → pypomes_iam-0.9.1}/pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "pypomes_iam"
-version = "0.8.1"
+version = "0.9.1"
 authors = [
   { name="GT Nunes", email="wisecoder01@gmail.com" }
 ]

{pypomes_iam-0.8.1 → pypomes_iam-0.9.1}/src/pypomes_iam/__init__.py

@@ -1,23 +1,23 @@
 from .iam_actions import (
     iam_callback, iam_exchange,
-    iam_login, iam_logout, iam_get_token
+    iam_login, iam_logout, iam_get_token, iam_userinfo
 )
 from .iam_common import (
-    IamServer, IamParam
+    IamServer, ServerParam
 )
 from .iam_pomes import (
     iam_setup_server, iam_setup_endpoints
 )
 from .iam_services import (
     jwt_required, iam_setup_logger,
-    service_setup_server, service_get_token,
-    service_login, service_logout,
-    service_callback, service_exchange,
-    service_callback_exchange
+    service_setup_server, service_login, service_logout,
+    service_get_token, service_userinfo, service_callback,
+    service_exchange, service_callback_exchange
 )
 from .provider_pomes import (
+    IamProvider, ProviderParam,
     service_get_token, provider_get_token,
-    provider_setup_endpoint, provider_setup_logger, provider_setup_server
+    iam_setup_provider, provider_setup_endpoint, provider_setup_logger
 )
 from .token_pomes import (
     token_get_claims, token_get_values, token_validate
@@ -26,20 +26,20 @@ from .token_pomes import (
 __all__ = [
     # iam_actions
     "iam_callback", "iam_exchange",
-    "iam_login", "iam_logout", "iam_get_token",
+    "iam_login", "iam_logout", "iam_get_token", "iam_userinfo",
     # iam_commons
-    "IamServer", "IamParam",
+    "IamServer", "ServerParam",
     # iam_pomes
     "iam_setup_server", "iam_setup_endpoints",
     # iam_services
     "jwt_required", "iam_setup_logger",
-    "service_setup_server", "service_get_token",
-    "service_login", "service_logout",
-    "service_callback", "service_exchange",
-    "service_callback_exchange",
+    "service_setup_server", "service_login", "service_logout",
+    "service_get_token", "service_userinfo", "service_callback",
+    "service_exchange", "service_callback_exchange",
     # provider_pomes
-    "provider_setup_server", "provider_get_token",
-    "provider_setup_endpoint", "provider_setup_logger", "provider_setup_server",
+    "IamProvider", "ProviderParam",
+    "service_get_token", "provider_get_token",
+    "iam_setup_provider", "provider_setup_endpoint", "provider_setup_logger",
     # token_pomes
     "token_get_claims", "token_get_values", "token_validate"
 ]

{pypomes_iam-0.8.1 → pypomes_iam-0.9.1}/src/pypomes_iam/iam_actions.py

@@ -9,7 +9,7 @@ from pypomes_core import TZ_LOCAL, exc_format
 from typing import Any
 
 from .iam_common import (
-    IamServer, IamParam, UserParam, _iam_lock,
+    IamServer, ServerParam, UserParam, _iam_lock,
     _get_iam_users, _get_iam_registry, _get_public_key,
     _get_login_timeout, _get_user_data, _iam_server_from_issuer
 )
@@ -56,7 +56,7 @@ def iam_login(iam_server: IamServer,
     # ('oauth_state' is a randomly-generated string, thus 'user_data' is always a new entry)
     oauth_state: str = "".join(secrets.choice(string.ascii_letters + string.digits) for _ in range(16))
     if target_idp:
-        oauth_state += f"#idp={target_idp}"
+        oauth_state += f"_{target_idp}"
 
     with _iam_lock:
         # retrieve the user data from the IAM server's registry
@@ -80,10 +80,10 @@ def iam_login(iam_server: IamServer,
                                                              errors=errors,
                                                              logger=logger)
                 if registry:
-                    base_url: str = f"{registry[IamParam.URL_BASE]}/realms/{registry[IamParam.CLIENT_REALM]}"
+                    base_url: str = f"{registry[ServerParam.URL_BASE]}/realms/{registry[ServerParam.CLIENT_REALM]}"
                     result = (f"{base_url}/protocol/openid-connect/auth"
                               f"?response_type=code&scope=openid"
-                              f"&client_id={registry[IamParam.CLIENT_ID]}"
+                              f"&client_id={registry[ServerParam.CLIENT_ID]}"
                               f"&redirect_uri={redirect_uri}"
                               f"&state={oauth_state}")
                     if target_idp:
@@ -100,9 +100,9 @@ def iam_logout(iam_server: IamServer,
     """
     Logout the user, by removing all data associating it from *iam_server*'s registry.
 
-    The user is identified by the attribute *user-id* or "login", provided in *args*.
-    If successful, remove all data relating to the user from the *IAM* server's registry.
-    Otherwise, this operation fails silently, unless an error has ocurred.
+    The user is identified by the attribute *user-id* or *login*, provided in *args*.
+    A logout request is sent to *iam_server* and, if successful, remove all data relating to the user
+    from the *IAM* server's registry.
 
     :param iam_server: the reference registered *IAM* server
     :param args: the arguments passed when requesting the service
@@ -114,14 +114,65 @@ def iam_logout(iam_server: IamServer,
 
     if user_id:
         with _iam_lock:
-            # retrieve the data for all users in the IAM server's registry
-            users: dict[str, dict[str, Any]] = _get_iam_users(iam_server=iam_server,
-                                                              errors=errors,
-                                                              logger=logger) or {}
-            if user_id in users:
-                users.pop(user_id)
-                if logger:
-                    logger.debug(msg=f"User '{user_id}' removed from {iam_server}'s registry")
+            # retrieve the IAM server's registry and the data for all users therein
+            registry: dict[str, Any] = _get_iam_registry(iam_server,
+                                                         errors=errors,
+                                                         logger=logger)
+            users: dict[str, dict[str, Any]] = registry[ServerParam.USERS] if registry else {}
+            user_data: dict[str, Any] = users.get(user_id)
+            if user_data:
+                # request the IAM server to logout 'client_id'
+                client_secret: str = __get_client_secret(iam_server=iam_server,
+                                                         errors=errors,
+                                                         logger=logger)
+                if client_secret:
+                    url: str = (f"{registry[ServerParam.URL_BASE]}/realms/{registry[ServerParam.CLIENT_REALM]}"
+                                "/protocol/openid-connect/logout")
+                    header_data: dict[str, str] = {
+                        "Content-Type": "application/x-www-form-urlencoded"
+                    }
+                    body_data: dict[str, Any] = {
+                        "client_id": registry[ServerParam.CLIENT_ID],
+                        "client_secret": client_secret,
+                        "refresh_token": user_data[UserParam.REFRESH_TOKEN]
+                    }
+                    #  log the POST
+                    if logger:
+                        logger.debug(msg=f"POST {url}")
+                    try:
+                        response: requests.Response = requests.post(url=url,
+                                                                    headers=header_data,
+                                                                    data=body_data)
+                        if response.status_code in [200, 204]:
+                            # request succeeded
+                            if logger:
+                                logger.debug(msg=f"POST success")
+                        else:
+                            # request failed, report the problem
+                            msg: str = f"POST failure, status {response.status_code}, reason {response.reason}"
+                            if logger:
+                                logger.error(msg=msg)
+                            if isinstance(errors, list):
+                                errors.append(msg)
+                    except Exception as e:
+                        # the operation raised an exception
+                        msg: str = exc_format(exc=e,
+                                              exc_info=sys.exc_info())
+                        if logger:
+                            logger.error(msg=msg)
+                        if isinstance(errors, list):
+                            errors.append(msg)
+
+                    if not errors and user_id in users:
+                        users.pop(user_id)
+                        if logger:
+                            logger.debug(msg=f"User '{user_id}' removed from {iam_server}'s registry")
+    else:
+        msg: str = "User identification not provided"
+        if logger:
+            logger.error(msg=msg)
+        if isinstance(errors, list):
+            errors.append(msg)
 
 
 def iam_get_token(iam_server: IamServer,
@@ -176,7 +227,7 @@ def iam_get_token(iam_server: IamServer,
                         refresh_expiration: int = user_data[UserParam.REFRESH_EXPIRATION]
                         if now < refresh_expiration:
                             header_data: dict[str, str] = {
-                                "Content-Type": "application/json"
+                                "Content-Type": "application/x-www-form-urlencoded"
                             }
                             body_data: dict[str, str] = {
                                 "grant_type": "refresh_token",
@@ -271,9 +322,9 @@ def iam_callback(iam_server: IamServer,
             if int(datetime.now(tz=TZ_LOCAL).timestamp()) > expiration:
                 errors.append("Operation timeout")
             else:
-                pos: int = oauth_state.rfind("#idp=")
-                target_idp: str = oauth_state[pos+4:] if pos > 0 else None
-                target_iam = IamServer(target_idp) if target_idp in IamServer else None
+                pos: int = oauth_state.rfind("_")
+                target_idp: str = oauth_state[pos+1:] if pos > 0 else None
+                target_iam: IamServer = IamServer(target_idp) if target_idp in IamServer else None
                 target_data: dict[str, Any] = user_data.copy() if target_iam else None
                 users.pop(oauth_state)
                 code: str = args.get("code")
@@ -306,8 +357,8 @@ def iam_callback(iam_server: IamServer,
                         registry: dict[str, Any] = _get_iam_registry(iam_server,
                                                                      errors=errors,
                                                                      logger=logger)
-                        url: str = f"{registry[IamParam.URL_BASE]}/realms/{registry[IamParam.CLIENT_REALM]}"
-                        url += f"/broker/{target_idp}/token"
+                        url: str = (f"{registry[ServerParam.URL_BASE]}/realms/"
+                                    f"{registry[ServerParam.CLIENT_REALM]}/broker/{target_idp}/token")
                         header_data: dict[str, str] = {
                             "Authorization": f"Bearer {result[1]}",
                             "Content-Type": "application/json"
@@ -375,7 +426,6 @@ def iam_exchange(iam_server: IamServer,
                                                 errors=errors,
                                                 logger=logger)
     if not errors:
-        # HAZARD: only 'IAM_KEYCLOAK' is currently supported
         with _iam_lock:
             # retrieve the IAM server's registry
             registry: dict[str, Any] = _get_iam_registry(iam_server=iam_server,
@@ -401,7 +451,7 @@ def iam_exchange(iam_server: IamServer,
                         "subject_token": token,
                         "subject_token_type": "urn:ietf:params:oauth:token-type:access_token",
                         "requested_token_type": "urn:ietf:params:oauth:token-type:access_token",
-                        "audience": registry[IamParam.CLIENT_ID],
+                        "audience": registry[ServerParam.CLIENT_ID],
                         "subject_issuer": token_issuer
                     }
                     now: int = int(datetime.now(tz=TZ_LOCAL).timestamp())
@@ -429,6 +479,60 @@ def iam_exchange(iam_server: IamServer,
     return result
 
 
+def iam_userinfo(iam_server: IamServer,
+                 args: dict[str, Any],
+                 errors: list[str] = None,
+                 logger: Logger = None) -> dict[str, Any] | None:
+    """
+    Obtain user data from *iam_server*.
+
+    The user is identified by the attribute *user-id* or *login*, provided in *args*.
+
+    :param iam_server: the reference registered *IAM* server
+    :param args: the arguments passed when requesting the service
+    :param errors: incidental error messages
+    :param logger: optional logger
+    :return: the user information requested, or *None* if error
+    """
+    # initialize the return variable
+    result: dict[str, Any] | None = None
+
+    # obtain the user's identification
+    user_id: str = args.get("user-id") or args.get("login")
+
+    err_msg: str | None = None
+    if user_id:
+        with _iam_lock:
+            # retrieve the IAM server's registry and the user data therein
+            registry: dict[str, Any] = _get_iam_registry(iam_server,
+                                                         errors=errors,
+                                                         logger=logger)
+            user_data: dict[str, Any] = registry[ServerParam.USERS].get(user_id)
+            if user_data:
+                url: str = (f"{registry[ServerParam.URL_BASE]}/realms/{registry[ServerParam.CLIENT_REALM]}"
+                            "/protocol/openid-connect/userinfo")
+                header_data: dict[str, str] = {
+                    "Authorization": f"Bearer {args.get('access-token')}"
+                }
+                result = __get_for_data(url=url,
+                                        header_data=header_data,
+                                        params=None,
+                                        errors=errors,
+                                        logger=logger)
+            else:
+                err_msg = f"Unknown user '{user_id}'"
+    else:
+        err_msg: str = "User identification not provided"
+
+    if err_msg:
+        if logger:
+            logger.error(msg=err_msg)
+        if isinstance(errors, list):
+            errors.append(err_msg)
+
+    return result
+
+
 def __assert_link(iam_server: IamServer,
                   user_id: str,
                   token: str,
@@ -461,7 +565,7 @@ def __assert_link(iam_server: IamServer,
         if logger:
             logger.debug(msg="Obtaining internal identification "
                              f"for user '{user_id}' in IAM server '{iam_server}'")
-        url: str = f"{registry[IamParam.URL_BASE]}/admin/realms/{registry[IamParam.CLIENT_REALM]}/users"
+        url: str = f"{registry[ServerParam.URL_BASE]}/admin/realms/{registry[ServerParam.CLIENT_REALM]}/users"
         header_data: dict[str, str] = {
             "Authorization": f"Bearer {admin_token}",
             "Content-Type": "application/json"
@@ -482,8 +586,8 @@ def __assert_link(iam_server: IamServer,
             if logger:
                 logger.debug(msg="Obtaining the providers federated in IAM server "
                                  f"'{iam_server}', for internal identification '{internal_id}'")
-            url = (f"{registry[IamParam.URL_BASE]}/admin/realms/"
-                   f"{registry[IamParam.CLIENT_REALM]}/users/{internal_id}/federated-identity")
+            url = (f"{registry[ServerParam.URL_BASE]}/admin/realms/"
+                   f"{registry[ServerParam.CLIENT_REALM]}/users/{internal_id}/federated-identity")
             providers: list[dict[str, Any]] = __get_for_data(url=url,
                                                              header_data=header_data,
                                                              params=None,
@@ -546,14 +650,14 @@ def __get_administrative_token(iam_server: IamServer,
                                                  errors=errors,
                                                  logger=logger)
     if registry:
-        if registry[IamParam.ADMIN_ID] and registry[IamParam.ADMIN_SECRET]:
+        if registry[ServerParam.ADMIN_ID] and registry[ServerParam.ADMIN_SECRET]:
             header_data: dict[str, str] = {
                 "Content-Type": "application/x-www-form-urlencoded"
             }
             body_data: dict[str, str] = {
                 "grant_type": "password",
-                "username": registry[IamParam.ADMIN_ID],
-                "password": registry[IamParam.ADMIN_SECRET],
+                "username": registry[ServerParam.ADMIN_ID],
+                "password": registry[ServerParam.ADMIN_SECRET],
                 "client_id": "admin-cli"
             }
             token_data: dict[str, Any] = __post_for_token(iam_server=iam_server,
@@ -569,7 +673,7 @@ def __get_administrative_token(iam_server: IamServer,
 
         elif logger or isinstance(errors, list):
             msg: str = ("Credentials for administrator of realm "
-                        f"'{registry[IamParam.CLIENT_REALM]}' "
+                        f"'{registry[ServerParam.CLIENT_REALM]}' "
                         f"at IAM server '{iam_server}' not provided")
             if logger:
                 logger.error(msg=msg)
@@ -605,7 +709,7 @@ def __get_client_secret(iam_server: IamServer,
     registry: dict[str, Any] = _get_iam_registry(iam_server=iam_server,
                                                  errors=errors,
                                                  logger=logger)
-    result: str = registry[IamParam.CLIENT_SECRET] if registry else None
+    result: str = registry[ServerParam.CLIENT_SECRET] if registry else None
 
     if not result and not errors:
         # obtain a token with administrative rights
@@ -613,13 +717,13 @@ def __get_client_secret(iam_server: IamServer,
                                                 errors=errors,
                                                 logger=logger)
         if token:
-            realm: str = registry[IamParam.CLIENT_REALM]
-            client_id: str = registry[IamParam.CLIENT_ID]
+            realm: str = registry[ServerParam.CLIENT_REALM]
+            client_id: str = registry[ServerParam.CLIENT_ID]
             if logger:
                 logger.debug(msg=f"Obtaining the UUID for client '{client_id}', "
                                  f"in realm '{realm}' at IAM server '{iam_server}'")
             # obtain the client UUID
-            url: str = f"{registry[IamParam.URL_BASE]}/realms/{realm}/clients"
+            url: str = f"{registry[ServerParam.URL_BASE]}/realms/{realm}/clients"
             header_data: dict[str, str] = {
                 "Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"
@@ -647,7 +751,7 @@ def __get_client_secret(iam_server: IamServer,
                 if reply:
                     # store the client's secret password and return it
                     result = reply["value"]
-                    registry[IamParam.CLIENT_ID] = result
+                    registry[ServerParam.CLIENT_ID] = result
     return result
 
 
@@ -811,11 +915,11 @@ def __post_for_token(iam_server: IamServer,
         if registry:
             # complete the data to send in body of request
             if body_data["grant_type"] != "password":
-                body_data["client_id"] = registry[IamParam.CLIENT_ID]
+                body_data["client_id"] = registry[ServerParam.CLIENT_ID]
 
             # build the URL
-            base_url: str = f"{registry[IamParam.URL_BASE]}/realms/{registry[IamParam.CLIENT_REALM]}"
-            url: str = f"{base_url}/protocol/openid-connect/token"
+            url: str = (f"{registry[ServerParam.URL_BASE]}/realms/"
+                        f"{registry[ServerParam.CLIENT_REALM]}/protocol/openid-connect/token")
             #  'client_secret' data must not be shown in log
             msg: str = f"POST {url}, {json.dumps(obj=body_data,
                                                  ensure_ascii=False)}"
@@ -916,9 +1020,9 @@ def __validate_and_store(iam_server: IamServer,
             public_key: str = _get_public_key(iam_server=iam_server,
                                               errors=errors,
                                               logger=logger)
-            recipient_attr = registry[IamParam.RECIPIENT_ATTR]
+            recipient_attr = registry[ServerParam.RECIPIENT_ATTR]
             login_id = user_data.pop("login-id", None)
-            base_url: str = f"{registry[IamParam.URL_BASE]}/realms/{registry[IamParam.CLIENT_REALM]}"
+            base_url: str = f"{registry[ServerParam.URL_BASE]}/realms/{registry[ServerParam.CLIENT_REALM]}"
             claims: dict[str, dict[str, Any]] = token_validate(token=token,
                                                                issuer=base_url,
                                                                recipient_id=login_id,

{pypomes_iam-0.8.1 → pypomes_iam-0.9.1}/src/pypomes_iam/iam_common.py

@@ -1,26 +1,23 @@
 import requests
 import sys
 from datetime import datetime
-from enum import StrEnum, auto
+from enum import StrEnum
 from logging import Logger
 from pypomes_core import (
     APP_PREFIX, TZ_LOCAL, exc_format,
-    env_get_str,  env_get_int, env_get_enums
+    env_get_int, env_get_str, env_get_strs
 )
 from pypomes_crypto import crypto_jwk_convert
 from threading import RLock
 from typing import Any, Final
 
-
-class IamServer(StrEnum):
-    """
-    Supported IAM servers.
-    """
-    JUSBR = auto()
-    KEYCLOAK = auto()
+_members: dict[str, str] = {key.upper(): key.lower() for key in
+                            env_get_strs(key=f"{APP_PREFIX}_AUTH_SERVERS")}
+IamServer: type[StrEnum] = StrEnum("IamServer", _members)
+del _members
 
 
-class IamParam(StrEnum):
+class ServerParam(StrEnum):
     """
     Parameters for configuring *IAM* servers.
     """
@@ -60,7 +57,7 @@ class UserParam(StrEnum):
     REDIRECT_URI = "redirect-uri"
 
 
-def __get_iam_data() -> dict[IamServer, dict[IamParam, Any]]:
+def __get_iam_data() -> dict[IamServer, dict[ServerParam, Any]]:
     """
     Obtain the configuration data for select *IAM* servers.
 
@@ -68,9 +65,9 @@ def __get_iam_data() -> dict[IamServer, dict[IamParam, Any]]:
     or dynamically with calls to *iam_setup_server()*. Specifying configuration parameters with environment
     variables can be done by following these steps:
 
-    1. Specify *<APP_PREFIX>_IAM_SERVERS* with a list of names among the values found in *IamServer* class
-       (currently, *jusbr* and *keycloak* are supported), and the data set below for each server, where
-       *<IAM>* stands for the server's name as presented in *IamServer* class:
+    1. Specify *<APP_PREFIX>_AUTH_SERVERS* with a list of names among the values found in *IamServer* class
+       and the data set below for each server, where *<IAM>* stands for the server's name as presented in
+       *IamServer* class:
           - *<APP_PREFIX>_<IAM>_ADMIN_ID*           (optional, required if administrative duties are performed)
           - *<APP_PREFIX>_<IAM>_ADMIN_PWD*          (optional, required if administrative duties are performed)
           - *<APP_PREFIX>_<IAM>_CLIENT_ID*          (required)
@@ -91,30 +88,29 @@ def __get_iam_data() -> dict[IamServer, dict[IamParam, Any]]:
           - *<APP_PREFIX>_<IAM>_ENDPOINT_LOGIN*
           - *<APP_PREFIX>_<IAM>_ENDPOINT_LOGOUT*
           - *<APP_PREFIX>_<IAM>_ENDPOINT_TOKEN*
+          - *<APP_PREFIX>_<IAM>_ENDPOINT_USERINFO*
 
     :return: the configuration data for the select *IAM* servers.
     """
     # initialize the return variable
-    result: dict[IamServer, dict[IamParam, Any]] = {}
+    result: dict[IamServer, dict[ServerParam, Any]] = {}
 
-    servers: list[IamServer] = env_get_enums(key=f"{APP_PREFIX}_IAM_SERVERS",
-                                             enum_class=IamServer) or []
-    for server in servers:
+    for server in IamServer:
         prefix = server.name
         result[server] = {
-            IamParam.ADMIN_ID: env_get_str(key=f"{APP_PREFIX}_{prefix}_ADMIN_ID"),
-            IamParam.ADMIN_SECRET: env_get_str(key=f"{APP_PREFIX}_{prefix}_ADMIN_SECRET"),
-            IamParam.CLIENT_ID: env_get_str(key=f"{APP_PREFIX}_{prefix}_CLIENT_ID"),
-            IamParam.CLIENT_REALM: env_get_str(key=f"{APP_PREFIX}_{prefix}_CLIENT_REALM"),
-            IamParam.CLIENT_SECRET: env_get_str(key=f"{APP_PREFIX}_{prefix}_CLIENT_SECRET"),
-            IamParam.LOGIN_TIMEOUT: env_get_str(key=f"{APP_PREFIX}_{prefix}_LOGIN_TIMEOUT"),
-            IamParam.PK_LIFETIME: env_get_int(key=f"{APP_PREFIX}_{prefix}_PUBLIC_KEY_LIFETIME"),
-            IamParam.RECIPIENT_ATTR: env_get_str(key=f"{APP_PREFIX}_{prefix}_RECIPIENT_ATTR"),
-            IamParam.URL_BASE: env_get_str(key=f"{APP_PREFIX}_{prefix}_URL_AUTH_BASE"),
+            ServerParam.ADMIN_ID: env_get_str(key=f"{APP_PREFIX}_{prefix}_ADMIN_ID"),
+            ServerParam.ADMIN_SECRET: env_get_str(key=f"{APP_PREFIX}_{prefix}_ADMIN_SECRET"),
+            ServerParam.CLIENT_ID: env_get_str(key=f"{APP_PREFIX}_{prefix}_CLIENT_ID"),
+            ServerParam.CLIENT_REALM: env_get_str(key=f"{APP_PREFIX}_{prefix}_CLIENT_REALM"),
+            ServerParam.CLIENT_SECRET: env_get_str(key=f"{APP_PREFIX}_{prefix}_CLIENT_SECRET"),
+            ServerParam.LOGIN_TIMEOUT: env_get_str(key=f"{APP_PREFIX}_{prefix}_LOGIN_TIMEOUT"),
+            ServerParam.PK_LIFETIME: env_get_int(key=f"{APP_PREFIX}_{prefix}_PK_LIFETIME"),
+            ServerParam.RECIPIENT_ATTR: env_get_str(key=f"{APP_PREFIX}_{prefix}_RECIPIENT_ATTR"),
+            ServerParam.URL_BASE: env_get_str(key=f"{APP_PREFIX}_{prefix}_URL_BASE"),
             # dynamically set
-            IamParam.PK_EXPIRATION: 0,
-            IamParam.PUBLIC_KEY: None,
-            IamParam.USERS: {}
+            ServerParam.PK_EXPIRATION: 0,
+            ServerParam.PUBLIC_KEY: None,
+            ServerParam.USERS: {}
         }
 
     return result
@@ -153,7 +149,7 @@ def __get_iam_data() -> dict[IamServer, dict[IamParam, Any]]:
 #   },
 #   ...
 # }
-_IAM_SERVERS: Final[dict[IamServer, dict[IamParam, Any]]] = __get_iam_data()
+_IAM_SERVERS: Final[dict[IamServer, dict[ServerParam, Any]]] = __get_iam_data()
 
 
 # the lock protecting the data in '_<IAM>_SERVERS'
@@ -173,7 +169,7 @@ def _iam_server_from_endpoint(endpoint: str,
     :return: the corresponding *IAM* server, or *None* if one could not be obtained
     """
     # initialize the return variable
-    result: IamServer | None = None
+    result: type(IamServer) | None = None
 
     for iam_server in _IAM_SERVERS:
         if endpoint.startswith(iam_server):
@@ -202,10 +198,10 @@ def _iam_server_from_issuer(issuer: str,
     :return: the corresponding *IAM* server, or *None* if one could not be obtained
     """
     # initialize the return variable
-    result: IamServer | None = None
+    result: type(IamServer) | None = None
 
     for iam_server, registry in _IAM_SERVERS.items():
-        base_url: str = f"{registry[IamParam.URL_BASE]}/realms/{registry[IamParam.CLIENT_REALM]}"
+        base_url: str = f"{registry[ServerParam.URL_BASE]}/realms/{registry[ServerParam.CLIENT_REALM]}"
         if base_url == issuer:
             result = IamServer(iam_server)
             break
@@ -268,9 +264,9 @@ def _get_public_key(iam_server: IamServer,
                                                  logger=logger)
     if registry:
         now: int = int(datetime.now(tz=TZ_LOCAL).timestamp())
-        if now > registry[IamParam.PK_EXPIRATION]:
+        if now > registry[ServerParam.PK_EXPIRATION]:
             # obtain the JWKS (JSON Web Key Set) from the token issuer
-            base_url: str = f"{registry[IamParam.URL_BASE]}/realms/{registry[IamParam.CLIENT_REALM]}"
+            base_url: str = f"{registry[ServerParam.URL_BASE]}/realms/{registry[ServerParam.CLIENT_REALM]}"
             url: str = f"{base_url}/protocol/openid-connect/certs"
             if logger:
                 logger.debug(msg=f"Obtaining signature public key used by IAM server '{iam_server}'")
@@ -292,9 +288,9 @@ def _get_public_key(iam_server: IamServer,
                         # convert from 'JWK' to 'PEM' and save it for further use
                         result = crypto_jwk_convert(jwk=jwk,
                                                     fmt="PEM")
-                        registry[IamParam.PUBLIC_KEY] = result
-                        lifetime: int = registry[IamParam.PK_LIFETIME] or 0
-                        registry[IamParam.PK_EXPIRATION] = now + lifetime if lifetime else sys.maxsize
+                        registry[ServerParam.PUBLIC_KEY] = result
+                        lifetime: int = registry[ServerParam.PK_LIFETIME] or 0
+                        registry[ServerParam.PK_EXPIRATION] = now + lifetime if lifetime else sys.maxsize
                         if logger:
                             logger.debug("Public key obtained and saved")
                     else:
@@ -319,7 +315,7 @@ def _get_public_key(iam_server: IamServer,
                 if isinstance(errors, list):
                     errors.append(msg)
         else:
-            result = registry[IamParam.PUBLIC_KEY]
+            result = registry[ServerParam.PUBLIC_KEY]
 
     return result
 
@@ -426,4 +422,4 @@ def _get_iam_users(iam_server: IamServer,
     registry: dict[str, Any] = _get_iam_registry(iam_server=iam_server,
                                                  errors=errors,
                                                  logger=logger)
-    return registry[IamParam.USERS] if registry else None
+    return registry[ServerParam.USERS] if registry else None