Client SDK for Python

Permalink: https://doc.oneportal.fi/x/H4Cs

Python Prerequisites

There are two versions of the Client SDK for Python: core and extension. The core version covers REST API requests for users, profile, groups, namespaces and data storages, and also allows the user to send e-mail and SMS messages. The rest of the APIs are covered by the extension client.

To install core version use:

pip install requests
pip install trivoreid

For an extension client use:

pip install requests
pip install trivoreid-extension

How to start

There are two ways to start: using Management API or OpenID credentials.
Configuration for both can be defined in the configuration file or passed directly to the function. For production use, select only secure methods.

Properties file

All credentials will be taken from the properties file. The default path is: /etc/trivoreid/client_sdk.properties.

client_sdk.properties
# Please, replace with proper values to authorize access to the service.

# Must be defined for all types of authorization
service.address=<placeholder>

# For the Password Grant authentication
oidc.client.id=<placeholder>
oidc.client.secret=<placeholder>
password.grant.username=<placeholder>
password.grant.password=<placeholder>

# OAuth2
oidc.client.redirect.uri=<placeholder>

# Management API
mgmtapi.id=<placeholder>
mgmtapi.secret=<placeholder>

# default path name
# /etc/trivoreid/client_sdk.properties
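
Because this file holds the client and Management API secrets, it is worth checking before deployment. The following is an added example, not part of the SDK or of the original page: `parse_properties`, `audit_properties_file` and `demo` are hypothetical helpers, the parser assumes only the plain `key=value` lines and `#` comments shown above, and the sample file contents are constructed.

```python
import stat
import tempfile
from pathlib import Path

PLACEHOLDER = "<placeholder>"
# Credential-bearing keys from the client_sdk.properties template above.
SECRET_KEYS = ("oidc.client.secret", "password.grant.password", "mgmtapi.secret")

def parse_properties(text):
    """Parse key=value lines; blank lines and '#' comments are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit_properties_file(path):
    """Hypothetical helper: return a list of findings for one properties file."""
    findings = []
    mode = stat.S_IMODE(Path(path).stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o grants group/other access; use 0600" % mode)
    props = parse_properties(Path(path).read_text(encoding="utf-8"))
    # Assumption: service.address is a full URL including the scheme.
    if not props.get("service.address", "").startswith("https://"):
        findings.append("service.address is not an https:// URL")
    if props.get("password.grant.password") not in (None, "", PLACEHOLDER):
        findings.append("password grant credentials are set; avoid this flow")
    for key in SECRET_KEYS:
        if props.get(key) == PLACEHOLDER:
            findings.append("%s still holds the template placeholder" % key)
    return findings

def demo():
    """Audit a constructed sample file at mode 0644, then again at 0600."""
    sample = (
        "# constructed sample, not real credentials\n"
        "service.address=http://id.example.test\n"
        "mgmtapi.secret=<placeholder>\n"
        "password.grant.password=example-password\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "client_sdk.properties"
        path.write_text(sample, encoding="utf-8")
        path.chmod(0o644)
        loose = audit_properties_file(path)
        path.chmod(0o600)
        return loose, audit_properties_file(path)
```
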

Management API

client_sdk.properties
service.address=<placeholder>
mgmtapi.id=<placeholder>
mgmtapi.secret=<placeholder>

Start TrivoreID SDK

example.py
from trivoreid.client import TrivoreID

# in case we have properties file
api = TrivoreID()

# or values can be passed as method arguments
api = TrivoreID(server='serverURL',
                client_id='clientID',
                client_secret='clientSecret')

OpenID Client

The configuration for the authorization, token, scopes and userinfo endpoints can be found at the '<server-url>/.well-known/openid-configuration' URL.

To implement OAuth2 with the SDK, use requests_oauthlib.OAuth2Session.
An OAuth2 example:

example.py
import trivoreid.utils.service_utils as su

from trivoreid.client import TrivoreID
from requests_oauthlib import OAuth2Session

scope = [ 'scope1', 'scope2' ]

client_id = 'clientID'
client_secret = 'clientSecret'
redirect_uri = 'redirectURI'
server = 'serverURL'

oauth = OAuth2Session(client_id=client_id,
                      redirect_uri=redirect_uri,
                      scope=scope)

# then go to the authorization link, sign in as the user and copy the full
# link you were redirected to
link = 'full-redirect-link'
token = oauth.fetch_token(server + '/openid/token',
                          authorization_response=link,
                          client_secret=client_secret)

api = TrivoreID(oauth=oauth)

# api.oidc_user gives information about the authorized user.
#
# print(api.oidc_user.serialize()) gives us:
# {
#   'id': 'exampleID',
#   'email': 'example@trivore.com',
#   'email_verified': False,
#   'phone': None,
#   'phone_number_verified': None,
#   'preferred_username': None,
#   'groups': None,
#   'nsCode': 'examplecode'
# }

Password Grant

NB! It is strongly recommended to avoid using Password Grant for security reasons.

Password grant is disabled for the OIDC Client by default. Ask an administrator to enable it before use.

client_sdk.properties
service.address=<placeholder>
oidc.client.id=<placeholder>
oidc.client.secret=<placeholder>
password.grant.username=<placeholder>
password.grant.password=<placeholder>

example.py
from trivoreid.client import TrivoreID
from trivoreid.oidc.oidc_client import OidcClient

# in case we have properties file
oidc = OidcClient(scopes='scope1 scope2')

# or values can be passed as method arguments
oidc = OidcClient(scopes='scope1 scope2',
                  client_id='clientID',
                  client_secret='clientSecret',
                  username='username',
                  password='password')

access_token = oidc.get_access_token()

api = TrivoreID(access_token=access_token)

OIDC User

Both the OpenID Client and Password Grant give access to the authorized user's own profile.

api = TrivoreID(access_token=access_token)

print(api.oidc_user.serialize())

This gives us:

{
'id': 'exampleId',
'preferred_username': '12345678',
'email': 'example1@trivore.com',
'email_verified': False,
'phone': '+358401234567',
'phone_number_verified': False,
'groups': ['gr001', 'gr002'],
'nsCode': 'testsdk'
}

Exceptions

TrivoreIDException

This exception is thrown when a network or TrivoreID failure occurs. It contains the error code of the response, which allows errors to be handled individually.

TrivoreIDSDKException

This exception is thrown when the TrivoreID SDK is used incorrectly.