taipy.auth.Authenticator

User Authentication.

Available in Taipy Enterprise only

This class exists only in the Enterprise edition of Taipy.

An Authenticator uses a protocol to validate a username and password combination.

The supported protocols are:

  • "LDAP": The authenticator connects to an LDAP server and requests authentication of a given username and password pair.
    User roles are retrieved from the LDAP groups assigned to the user.
  • "Taipy": An internal protocol designed for testing purposes. The configuration lets you specify a password and a set of roles for every username.
  • "None": Provides no authentication. Authentication is assumed to succeed no matter what username and password are provided. User roles are set to an empty set.

Default Authenticator

The first authenticator created by the application (either explicitly or when login() is called for the first time) is stored as a special authenticator, known as the default authenticator.
This authenticator is used in every subsequent call to login().

__init__(protocol, secret_key=None, auth_session_duration=3600, **kwargs)

Initialize a new Authenticator.

Parameters:

  • protocol (Optional[str], required): The name of the protocol to use ("ldap", "taipy" or "none").
  • secret_key (Optional[str], default: None): A secret string used internally to encrypt the credentials' information. The default value is set at run-time to a random text string.
  • auth_session_duration (int, default: 3600): How long, in seconds, credentials remain valid after their creation. The default value is 3600, corresponding to an hour.
  • **kwargs (default: {}): Additional arguments that depend on the indicated protocol:
    • "LDAP" protocol: the following arguments are accepted:
      • server: the URL of the LDAP server this authenticator connects to. The default value is: "ldap://127.0.0.1:389".
      • base_dn: the LDAP distinguished name that is used. The default is "".
    • "Taipy" protocol: the following arguments are accepted:
      • roles: a dictionary that configures the association of usernames to roles.
      • passwords: if required, a dictionary that configures the association of usernames to hashed passwords. A user can be authenticated if they appear in at least one of the roles or passwords dictionaries.
        If they appear only in roles, the user is authenticated if the provided password is exactly identical to the username.
        If they appear only in passwords, the user is assigned no roles.
    • "None": No additional arguments are required.

get_default() staticmethod

Returns the default Authenticator.

If there is no default Authenticator, one is created:

  • If a configuration is loaded, this function looks into it to find properties that might define a default authenticator.
    Specifically, if the AUTHENTICATION.protocol property is set, then it indicates what kind of authenticator ("none", "taipy" or "ldap") should be created as the default authenticator. It corresponds to the protocol argument of the Authenticator constructor.
    Other configuration properties can be set to configure the default authenticator further, as described in the documentation of the Authenticator constructor.

  • If the main Python script sits next to a taipy_auth_<protocol>.json file, an Authenticator for this protocol is created.
    Supported protocols are "none", "ldap" and "taipy". The documentation for the Authenticator class provides more information.
    This file should contain the JSON representation of the config dictionary parameter of the Authenticator constructor.

  • If no such file exists, a None Authenticator is created.

This new authenticator is then set as the default authenticator.
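
The following added example (not Taipy's own code) applies the rules documented above for the "Taipy" protocol arguments and for the "none" fallback of get_default() to a set of arguments before they reach an Authenticator. The helper name audit_authenticator_args, the severity labels and the shape of the roles values (a list of role names per user) are assumptions; the helper never calls Taipy.

```python
from typing import Dict, Iterable, List, Optional, Tuple

Finding = Tuple[str, str, str]  # (severity, subject, message)


def audit_authenticator_args(
    protocol: Optional[str],
    roles: Optional[Dict[str, Iterable[str]]] = None,
    passwords: Optional[Dict[str, str]] = None,
) -> List[Finding]:
    """Flag documented weak spots in arguments meant for an Authenticator.

    Hypothetical helper: it only inspects the dictionaries it is given.
    """
    findings: List[Finding] = []
    # Assumption: a missing protocol is treated like "none", mirroring the
    # get_default() fallback to a None Authenticator when nothing is configured.
    proto = (protocol or "none").lower()

    if proto == "none":
        findings.append(("high", "*", "every username/password pair is accepted; roles are empty"))
        return findings
    if proto != "taipy":
        return findings  # other protocols (e.g. "ldap") are out of scope for this example

    roles = roles or {}
    passwords = passwords or {}
    findings.append(("info", "*", '"taipy" protocol is documented as designed for testing'))
    for user in sorted(set(roles) | set(passwords)):
        if user not in passwords:
            # Documented fallback: the accepted password is the username itself.
            findings.append(("high", user, "no password entry; accepted password equals the username"))
        elif user not in roles:
            findings.append(("low", user, "password entry only; user is assigned no roles"))
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    sample_roles = {"alice": ["admin"], "bob": ["reader"]}
    sample_passwords = {"alice": "<hashed-password-placeholder>",
                        "carol": "<hashed-password-placeholder>"}
    for severity, user, message in audit_authenticator_args("taipy", sample_roles, sample_passwords):
        print(f"{severity:5} {user:6} {message}")
```
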

login(username, password)

Log a user in.

This function uses this authenticator's protocol to try to authenticate the user with the provided password.

Parameters:

  • username (str, required): The name of the user to authenticate.
  • password (str, required): The password to use to authenticate the user.

Returns:

  • Credentials (Credentials): On success, a valid Credentials instance is created and returned.

Raises:

  • InvalidCredentials: If the user and password do not match.