Skip to content

taipy.auth.Authenticator

User Authentication.

Available in Taipy Enterprise only

This class exists only in the Enterprise edition of Taipy.

An Authenticator uses a protocol to validate a username and password combination.

The supported protocols are:

  • "LDAP": The authenticator can connect to an LDAP server and requests the authentication of a given username and password pair.
    User roles are retrieved from the LDAP groups assigned to the user.
  • "Taipy": An internal protocol designed for testing purposes. Configuration allows to specify a password and a set of roles for every user name.
  • "None": Provides no authentication. Authentication is assumed to succeed no matter what username and password are provided. User roles are set to an empty set.

Default Authenticator

The first authenticator created by the application (either explicitly or when login() is called for the first time) is stored as a special authenticator, known as the default authenticator.
This authenticator is used in every subsequent calls to login().

__init__(protocol, secret_key=None, auth_session_duration=3600, **kwargs)

Initialize a new Authenticator.

Parameters:

Name Type Description Default
protocol str

The name of the protocol to use ("ldap", "taipy" or "none").

 required
secret_key Optional[str]

A secret string used to internally encrypt the credentials' information. The default value is set at run-time to a random text string.

 None
auth_session_duration int

How long, in seconds, are credentials valid after their creation. The default value is 3600, corresponding to an hour.

 3600
**kwargs Dict

Additional arguments that depend on the indicated protocol.
Depending on the protocol, these arguments are:

  • "LDAP" protocol: the following arguments are accepted:
    • server: the URL of the LDAP server this authenticator connects to. The default value is: "ldap://127.0.0.1:389".
    • base_dn: the LDAP distinguished name that is used. The default is "".
  • "Taipy" protocol: the following arguments are accepted:
    • roles: a dictionary that configures the association of usernames to roles.
    • passwords: if required, a dictionary that configures the association of usernames to hashed passwords. A user can be authenticated if it appears at least in one of the roles or the password dictionaries.
      If it only appears in roles, then the user is authenticated if provided a password exactly identical to its username.
      If it only appears in passwords, then the user is assigned no roles.
  • "None": No additional arguments are required.
 {}

get_default() staticmethod

Returns the default Authenticator.

If there is no default Authenticator, one is created:

  • If Taipy Core is installed (the taipy.core package), then this function looks in the Global Configuration for properties that might define a default authenticator.
    Specifically, if the Config.global_config.auth_protocol property is set, then it indicates what kind of authenticator ("none", "taipy" or "ldap") should be created as the default authenticator. It corresponds to the protocol argument of the Authenticator constructor
    Other global configuration properties can be set to further configure the default authenticator as we can see in the documentation for the constructor for Authenticator.

  • If the main Python script sits next to a taipy_auth_<protocol>.json file, an Authenticator for this protocol is created.
    Supported protocols are "none", "ldap" and "taipy". The documentation for the Authenticator class provides more information.
    This file should contain the JSON representation of the config dictionary parameter of the Authenticator constructor.

  • If no such file exists, a None Authenticator is created.

This new authenticator is then set as the default authenticator.

login(username, password)

Log a user in.

This function uses this authenticator's protocol to try to authenticate the user with the provided password.

Parameters:

Name Type Description Default
username str

The name of the user to authenticate.

 required
password str

The password to use to authenticate the user.

 required

Returns:

Name Type Description
Credentials Credentials

On success, a valid Credentials instance is created and returned.

Raises:

Type Description
InvalidCredentials

If the user and password do not match.