1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
# Copyright 2012 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import abc
from keystone import exception
class Provider(object, metaclass=abc.ABCMeta):
"""Interface description for a Token provider."""
@abc.abstractmethod
def validate_token(self, token_id):
"""Validate a given token by its ID and return the token_data.
:param token_id: the unique ID of the token
:type token_id: str
:returns: token data as a tuple in the form of:
(user_id, methods, audit_ids, system, domain_id, project_id,
trust_id, federated_group_ids, identity_provider_id, protocol_id,
access_token_id, app_cred_id, issued_at, expires_at)
``user_id`` is the unique ID of the user as a string
``methods`` a list of authentication methods used to obtain the token
``audit_ids`` a list of audit IDs for the token
``system`` a dictionary containing system scope if system-scoped
``domain_id`` the unique ID of the domain if domain-scoped
``project_id`` the unique ID of the project if project-scoped
``trust_id`` the unique identifier of the trust if trust-scoped
``federated_group_ids`` list of federated group IDs
``identity_provider_id`` unique ID of the user's identity provider
``protocol_id`` unique ID of the protocol used to obtain the token
``access_token_id`` the unique ID of the access_token for OAuth1 tokens
``app_cred_id`` the unique ID of the application credential
``param thumbprint`` thumbprint of the certificate for OAuth2.0 mTLS
``issued_at`` a datetime object of when the token was minted
``expires_at`` a datetime object of when the token expires
:raises keystone.exception.TokenNotFound: If the token doesn't exist.
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def generate_id_and_issued_at(self, token):
"""Generate a token based on the information provided.
:param token: A token object containing information about the
authorization context of the request.
:type token: `keystone.models.token.TokenModel`
:returns: tuple containing an ID for the token and the issued at time
of the token (token_id, issued_at).
"""
raise exception.NotImplemented() # pragma: no cover
|