{"type":"doc","content":[{"type":"paragraph","marks":[{"type":"alignment","attrs":{"align":"end"}}],"content":[{"text":"Permalink:","type":"text","marks":[{"type":"textColor","attrs":{"color":"#7a869a"}}]},{"text":" ","type":"text"},{"text":"https://doc.oneportal.fi/x/H4Cs","type":"text","marks":[{"type":"link","attrs":{"href":"https://doc.oneportal.fi/x/H4Cs"}}]}]},{"type":"extension","attrs":{"extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{},"macroMetadata":{"macroId":{"value":"ee5602a5-1e29-4b92-8250-9ef73f29e4d2"},"schemaVersion":{"value":"1"},"title":"Table of Contents"}}}},{"type":"extension","attrs":{"extensionType":"com.atlassian.confluence.macro.core","extensionKey":"children","parameters":{"macroParams":{},"macroMetadata":{"macroId":{"value":"85f76752-3633-4ed3-a911-aa594c32809a"},"schemaVersion":{"value":"2"},"title":"Child pages (Children Display)"}}}},{"type":"heading","attrs":{"level":2},"content":[{"text":"Python Prerequisites","type":"text"}]},{"type":"paragraph","content":[{"text":"There are two versions of Client SDK for Python - core and extension. Core covers REST API requests for ","type":"text"},{"text":"users","type":"text","marks":[{"type":"em"}]},{"text":", ","type":"text"},{"text":"profile","type":"text","marks":[{"type":"em"}]},{"text":", ","type":"text"},{"text":"groups","type":"text","marks":[{"type":"em"}]},{"text":", ","type":"text"},{"text":"namespases","type":"text","marks":[{"type":"em"}]},{"text":" and ","type":"text"},{"text":"data storages","type":"text","marks":[{"type":"em"}]},{"text":", and also allows user to send e-mail and SMS messages. The rest of the APIs are covered in extension client.","type":"text"}]},{"type":"paragraph","content":[{"text":"To install core version use:","type":"text"}]},{"type":"codeBlock","content":[{"text":"pip install requests\npip install trivoreid","type":"text"}]},{"type":"paragraph","content":[{"text":"For an extension client use:","type":"text"}]},{"type":"codeBlock","content":[{"text":"pip install requests\npip install trivoreid-extension","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"How to start","type":"text"}]},{"type":"paragraph","content":[{"text":"There are two ways to start: using Management API or OpenID credentials.","type":"text"},{"type":"hardBreak"},{"text":"Configurations for both can be defined in the configuration file or straight in the function. Obviously, for production use, only select secure methods.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Properties file","type":"text"}]},{"type":"paragraph","content":[{"text":"All credentials will be taken from the properties file. The default path is: ","type":"text"},{"text":"/etc/trivoreid/client_sdk.properties","type":"text","marks":[{"type":"em"}]},{"text":".","type":"text"}]},{"type":"heading","attrs":{"level":5},"content":[{"text":"client_sdk.properties","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","attrs":{"language":"powershell"},"content":[{"text":"# Please, replace with proper values to authorize access to the service.\n\n# Must be defined for all types of authorization\nservice.address=\n\n# For the Password Grant authentication\noidc.client.id=\noidc.client.secret=\npassword.grant.username=\npassword.grant.password=\n\n# OAuth2\noidc.client.redirect.uri=\n\n# Management API\nmgmtapi.id=\nmgmtapi.secret=\n\n# default path name\n# /etc/trivoreid/client_sdk.properties\n\n","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Management API","type":"text"}]},{"type":"heading","attrs":{"level":5},"content":[{"text":"client_sdk.properties","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","attrs":{"language":"powershell"},"content":[{"text":"service.address=\nmgmtapi.id=\nmgmtapi.secret=\n","type":"text"}]},{"type":"paragraph","content":[{"text":"Start TrivoreID SDK","type":"text"}]},{"type":"heading","attrs":{"level":5},"content":[{"text":"example.py","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","attrs":{"language":"python"},"content":[{"text":"from trivoreid.client import TrivoreID\n\n# in case we have properties file\napi = TrivoreID()\n\n# or values can be passed as method arguments\napi = TrivoreID(server='serverURL',\n \t\t\tclient_id='clientID',\n \t\t\tclient_secret='clientSecret')","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"OpenID Client","type":"text"}]},{"type":"paragraph","content":[{"text":"The configurations for the authorization, token, scopes and userinfo endpoints can be found in '/.well-known/openid-configuration' url.","type":"text"}]},{"type":"paragraph","content":[{"text":"For implementing OAuth2 for the sdk, use ","type":"text"},{"text":"requests_oauthlib.OAuth2Session","type":"text","marks":[{"type":"em"}]},{"text":".","type":"text"},{"type":"hardBreak"},{"text":"Example of the OAuth2.","type":"text"}]},{"type":"heading","attrs":{"level":5},"content":[{"text":"example.py","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","attrs":{"language":"python"},"content":[{"text":"import trivoreid.utils.service_utils as su\n\nfrom trivoreid.client import TrivoreID\nfrom requests_oauthlib import OAuth2Session\n\nscope = [ 'scope1', 'scope2' ]\n\nclient_id = 'clientID'\nclient_secret = 'clientSecret'\nredirect_uri = 'redirectURI'\nserver = 'serverURL'\n\noauth = OAuth2Session(client_id=client_id,\n redirect_uri=redirect_uri,\n scope=scope)\n\n# then go to the authorization link, sign in with the user and copy full\n# link you were redirected to\nlink = 'full-redirect-link'\ntoken = oauth.fetch_token(server + '/openid/token',\n\t\t\t\t\t\t authorization_response=link,\n\t\t\t\t\t client_secret=client_secret)\n\napi = TrivoreID(oauth=oauth)\n\n# api.oidc_user gives information about the authorized user.\n#\n# print(api.oidc_user.serialize()) gives us:\n# {\n# 'id': 'exampleID',\n# 'email': 'example@trivore.com',\n# 'email_verified': False,\n# 'phone': None,\n# 'phone_number_verified': None,\n# 'preferred_username': None,\n# 'groups': None,\n# 'nsCode': 'examplecode'\n# }","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Password Grant","type":"text"}]},{"type":"paragraph","content":[{"text":"NB! It is strongly recommended to avoid using Password Grant due to security reasons.","type":"text"}]},{"type":"paragraph","content":[{"text":"Password grant is disabled for the OIDS Client by default. Ask administrator to enable it in order to use.","type":"text"}]},{"type":"heading","attrs":{"level":5},"content":[{"text":"client_sdk.properties","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","attrs":{"language":"powershell"},"content":[{"text":"service.address=\noidc.client.id=\noidc.client.secret=\npassword.grant.username=\npassword.grant.password=\n","type":"text"}]},{"type":"paragraph","content":[{"type":"hardBreak"}]},{"type":"heading","attrs":{"level":5},"content":[{"text":"example.py","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","attrs":{"language":"python"},"content":[{"text":"from trivoreid.client import TrivoreID\nfrom trivoreid.oidc.oidc_client import OidcClient\n\n# in case we have properties file\noidc = OidcClient(scopes='scope1 scope2')\n\n# or values can be passed as method arguments\noidc = OidcClient(scopes='scope1 scope2',\n \t\t\t client_id='clientID',\n \t\t\t client_secret='clientSecret',\n \t\t\t username='username',\n \t\t\t password='password')\n\naccess_token = oidc.get_access_token()\n\napi = TrivoreID(access_token=access_token)","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"OIDC User","type":"text","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"text":"OpenID Client SDK and Password Grant give access to the user's own authorized user profile.","type":"text"}]},{"type":"codeBlock","attrs":{"language":"python"},"content":[{"text":"api = TrivoreID(access_token=access_token)\n\nprint(api.oidc_user.serialize())","type":"text"}]},{"type":"paragraph","content":[{"text":"This gives us:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"python"},"content":[{"text":"{\n'id': 'exampleId',\n'preferred_username': '12345678',\n'email': 'example1@trivore.com',\n'email_verified': False,\n'phone': '+358401234567',\n'phone_number_verified': False,\n'groups': ['gr001', 'gr002'],\n'nsCode': 'testsdk'\n}","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Exceptions","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"TrivoreIDException","type":"text"}]},{"type":"paragraph","content":[{"text":"Exception is thrown when network or TrivoreID failure occurred. The exception contains error code of the response that allows to handle errors individually.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"TrivoreIDSDKException","type":"text"}]},{"type":"paragraph","content":[{"text":"Exception is thrown when TrivoreID SDK is incorrectly used.","type":"text"}]},{"type":"paragraph","content":[{"type":"hardBreak"}]},{"type":"paragraph","content":[{"type":"hardBreak"}]}],"version":1}