Authenticator class
User Authentication.
Available in Taipy Enterprise only
This class exists only in the Enterprise edition of Taipy.
An Authenticator uses a protocol to validate a user's credentials.
The supported protocols are:
- "LDAP": The authenticator can connect to an LDAP server and requests
the authentication of a given username and password pair.
User roles are retrieved from the LDAP groups assigned to the user. - "Entra ID": The authenticator uses the Entra ID protocol supported by Entra ID to
authenticate a user.
The user is authenticated using the logged-in Entra ID account in your browser. The user roles are retrieved from the Entra ID account's groups. - "Taipy": An internal protocol designed for testing purposes. Configuration allows to specify a password and a set of roles for every username.
- "None": Provides no authentication. Authentication is assumed to succeed no matter what username and password are provided. User roles are set to an empty set.
Authenticator
When the login()
is called, all configured
authenticators are created to be used alongside other Authenticators created explicitly.
Attributes¶
Methods¶
__init__() ¶
__init__(
protocol: Optional[str],
secret_key: Optional[str] = None,
auth_session_duration: int = 3600,
**kwargs
) -> None
Initialize a new Authenticator.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
protocol |
Optional[str]
|
The name of the protocol to use ("ldap", "entra_id", "taipy", or "none"). |
required |
secret_key |
Optional[str]
|
A secret string used to internally encrypt the credentials' information. The default value is set at run-time to a random text string. |
None
|
auth_session_duration |
int
|
How long, in seconds, are credentials valid after their creation. The default value is 3600, corresponding to an hour. |
3600
|
**kwargs |
dict[str, any]
|
Additional arguments that depend on the indicated protocol.
|
{}
|
get_auth_url() ¶
get_auth_url(
redirect_url: str, request_data: Dict[str, Any] = None
) -> str
Get the SSO URL to authenticate a user.
This function is used to get the URL to redirect the user to the SSO service. The user will be authenticated by the SSO service and redirected back to the application with the necessary information.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
redirect_url |
str
|
The URL to redirect the user to after the authentication. |
required |
request_data |
Dict[str, Any]
|
Additional data to pass to the SSO service. |
None
|
get_authenticators()
staticmethod
¶
get_authenticators() -> List[Authenticator]
Returns the list of Authenticators.
If there is no Authenticator, new Authenticators are created.
-
If a configuration is loaded, this function looks into it to find the configured authenticators. Specifically, if the AUTHENTICATION.protocol property is set, then it indicates what kind of authenticator ("none", "taipy", "entra_id", or "ldap") should be created. It corresponds to the protocol argument of the
Authenticator
constructor.
Other configuration properties can be set to configure the authenticator further, as we can see in the documentation for the constructor forAuthenticator
. -
If the main Python script sits next to a
taipy_auth_<protocol>.json
file, anAuthenticator
for this protocol is created.
Supported protocols are "none", "ldap", "entra_id", and "taipy". The documentation for theAuthenticator
class provides more information.
This file should contain the JSON representation of the config dictionary parameter of theAuthenticator
constructor. - If no such file exists, a None Authenticator is created.
handle_auth_response() ¶
handle_auth_response(
auth_code: str, payload: Dict[str, Any]
) -> Credentials
Handle the authentication response from the SSO service.
This function is used to handle the response from the SSO service after the user
has been authenticated. The response contains the necessary information to create
the Credentials
object.
Arguments:
auth_code (str): The authentication code received from the SSO service.
Returns:
Credentials: A valid Credentials
instance.
payload: The payload received from the SSO service.
login() ¶
login(
username: Optional[str] = None,
password: Optional[str] = None,
) -> Credentials
Log a user in.
This function uses this authenticator's protocol to try to authenticate the user with the provided password. If the username and password are not provided, the function will attempt to authenticate the user using the Entra ID protocol.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
username |
Optional[str]
|
The name of the user to authenticate. |
None
|
password |
Optional[str]
|
The password to use to authenticate the user. |
None
|
Returns:
Name | Type | Description |
---|---|---|
Credentials |
Credentials
|
On success, a valid |
Raises:
Type | Description |
---|---|
InvalidCredentials
|
If the user and password do not match. |