NOTE: Trivore ID Documentation has moved to https://trivoreid.com
The content on this site IS OUT OF DATE!
This space has been archived!
Please go ahead to the new site!
Client SDK for Python
- Kari Mattsson
- Anastasia Gromova (Deactivated)
Permalink: https://doc.oneportal.fi/x/H4Cs
- 1 Python Prerequisites
- 2 How to start
- 2.1 Properties file
- 2.1.1 client_sdk.properties
- 2.2 Management API
- 2.2.1 client_sdk.properties
- 2.2.2 example.py
- 2.3 OpenID Client
- 2.3.1 example.py
- 2.4 Password Grant
- 2.4.1 client_sdk.properties
- 2.4.2 example.py
- 2.5 OIDC User
- 2.1 Properties file
- 3 Exceptions
Python Prerequisites
There are two versions of Client SDK for Python - core and extension. Core covers REST API requests for users, profile, groups, namespases and data storages, and also allows user to send e-mail and SMS messages. The rest of the APIs are covered in extension client.
To install core version use:
pip install requests
pip install trivoreidFor an extension client use:
pip install requests
pip install trivoreid-extensionHow to start
There are two ways to start: using Management API or OpenID credentials.
Configurations for both can be defined in the configuration file or straight in the function. Obviously, for production use, only select secure methods.
Properties file
All credentials will be taken from the properties file. The default path is: /etc/trivoreid/client_sdk.properties.
client_sdk.properties
# Please, replace with proper values to authorize access to the service.
# Must be defined for all types of authorization
service.address=<placeholder>
# For the Password Grant authentication
oidc.client.id=<placeholder>
oidc.client.secret=<placeholder>
password.grant.username=<placeholder>
password.grant.password=<placeholder>
# OAuth2
oidc.client.redirect.uri=<placeholder>
# Management API
mgmtapi.id=<placeholder>
mgmtapi.secret=<placeholder>
# default path name
# /etc/trivoreid/client_sdk.properties
Management API
client_sdk.properties
service.address=<placeholder>
mgmtapi.id=<placeholder>
mgmtapi.secret=<placeholder>
Start TrivoreID SDK
example.py
from trivoreid.client import TrivoreID
# in case we have properties file
api = TrivoreID()
# or values can be passed as method arguments
api = TrivoreID(server='serverURL',
client_id='clientID',
client_secret='clientSecret')OpenID Client
The configurations for the authorization, token, scopes and userinfo endpoints can be found in '<server-url>/.well-known/openid-configuration' url.
For implementing OAuth2 for the sdk, use requests_oauthlib.OAuth2Session.
Example of the OAuth2.
example.py
import trivoreid.utils.service_utils as su
from trivoreid.client import TrivoreID
from requests_oauthlib import OAuth2Session
scope = [ 'scope1', 'scope2' ]
client_id = 'clientID'
client_secret = 'clientSecret'
redirect_uri = 'redirectURI'
server = 'serverURL'
oauth = OAuth2Session(client_id=client_id,
redirect_uri=redirect_uri,
scope=scope)
# then go to the authorization link, sign in with the user and copy full
# link you were redirected to
link = 'full-redirect-link'
token = oauth.fetch_token(server + '/openid/token',
authorization_response=link,
client_secret=client_secret)
api = TrivoreID(oauth=oauth)
# api.oidc_user gives information about the authorized user.
#
# print(api.oidc_user.serialize()) gives us:
# {
# 'id': 'exampleID',
# 'email': 'example@trivore.com',
# 'email_verified': False,
# 'phone': None,
# 'phone_number_verified': None,
# 'preferred_username': None,
# 'groups': None,
# 'nsCode': 'examplecode'
# }Password Grant
NB! It is strongly recommended to avoid using Password Grant due to security reasons.
Password grant is disabled for the OIDS Client by default. Ask administrator to enable it in order to use.
client_sdk.properties
service.address=<placeholder>
oidc.client.id=<placeholder>
oidc.client.secret=<placeholder>
password.grant.username=<placeholder>
password.grant.password=<placeholder>
example.py
from trivoreid.client import TrivoreID
from trivoreid.oidc.oidc_client import OidcClient
# in case we have properties file
oidc = OidcClient(scopes='scope1 scope2')
# or values can be passed as method arguments
oidc = OidcClient(scopes='scope1 scope2',
client_id='clientID',
client_secret='clientSecret',
username='username',
password='password')
access_token = oidc.get_access_token()
api = TrivoreID(access_token=access_token)OIDC User
OpenID Client SDK and Password Grant give access to the user's own authorized user profile.
api = TrivoreID(access_token=access_token)
print(api.oidc_user.serialize())This gives us:
{
'id': 'exampleId',
'preferred_username': '12345678',
'email': 'example1@trivore.com',
'email_verified': False,
'phone': '+358401234567',
'phone_number_verified': False,
'groups': ['gr001', 'gr002'],
'nsCode': 'testsdk'
}Exceptions
TrivoreIDException
Exception is thrown when network or TrivoreID failure occurred. The exception contains error code of the response that allows to handle errors individually.
TrivoreIDSDKException
Exception is thrown when TrivoreID SDK is incorrectly used.