atoti_query.security.oidc_security module#
- class atoti_query.security.oidc_security.OidcSecurity#
Manage OIDC security on the session.
Note
This requires an
OidcConfig
to be passed toatoti.Session.__init__()
’s authentication parameter.Example
>>> import os >>> session = tt.Session( ... authentication=tt.OidcConfig( ... provider_id="auth0", ... issuer_url=os.environ["AUTH0_ISSUER"], ... client_id=os.environ["AUTH0_CLIENT_ID"], ... client_secret=os.environ["AUTH0_CLIENT_SECRET"], ... name_claim="email", ... scopes=["email", "profile", "username"], ... roles_claims=["https://activeviam.com/roles"], ... ), ... port=1234, ... ) >>> table = session.create_table( ... "Restrictions example", types={"Country": tt.STRING} ... ) >>> session.security.restrictions.update( ... { ... "ROLE_FRANCE": table["Country"] == "France", ... "ROLE_UK": table["Country"] == "UK", ... } ... )
Roles from the authentication provider’s ID Token can be mapped to roles in the session:
>>> session.security.oidc.role_mapping.update( ... {"atoti user": {"ROLE_USER"}, "France": {"ROLE_FRANCE"}} ... ) >>> session.security.oidc.role_mapping {'atoti user': {'ROLE_USER'}, 'France': {'ROLE_FRANCE'}}
Default roles can be given to users who have been granted no individual and mapped roles:
>>> session.security.oidc.default_roles.add("ROLE_UK") >>> session.security.oidc.default_roles {'ROLE_UK'}
- property default_roles: DefaultRoles#
- property role_mapping: RoleMapping#
The role mapping is done with the roles included in the ID Token sent by the authentication provider.