JWTTokenAuth Class
CBS authentication using JWT tokens.
- Inheritance
-
JWTTokenAuthJWTTokenAuth
Constructor
JWTTokenAuth(audience, uri, get_token, expires_in=datetime.timedelta(seconds=3600), expires_at=None, port=None, timeout=10, retry_policy=<uamqp.authentication.cbs_auth.TokenRetryPolicy object>, verify=None, token_type=b'jwt', http_proxy=None, transport_type=TransportType.Amqp, encoding='UTF-8', **kwargs)Parameters
| Name | Description |
|---|---|
|
audience
Required
|
The token audience field. For JWT tokens this is usually the URI. |
|
uri
Required
|
The AMQP endpoint URI. This must be provided as a decoded string. |
|
get_token
Required
|
<xref:<xref:callable object>>
The callback function used for getting and refreshing tokens. It should return a valid jwt token each time it is called. |
|
expires_in
|
The total remaining seconds until the token expires - default for JWT token generated by AAD is 3600s (1 hour). Default value: 1:00:00
|
|
expires_at
|
The timestamp at which the JWT token will expire formatted as seconds since epoch. Default value: None
|
|
port
|
The TLS port - default for AMQP is 5671. Default value: None
|
|
timeout
|
The timeout in seconds in which to negotiate the token. The default value is 10 seconds. Default value: 10
|
|
retry_policy
|
The retry policy for the PUT token request. The default retry policy has 3 retries. |
|
verify
|
The path to a user-defined certificate. Default value: None
|
|
token_type
|
The type field of the token request. Default value is b"jwt". Default value: b'jwt'
|
|
http_proxy
|
HTTP proxy configuration. This should be a dictionary with the following keys present: 'proxy_hostname' and 'proxy_port'. Additional optional keys are 'username' and 'password'. Default value: None
|
|
transport_type
|
<xref:uamqp.TransportType>
The transport protocol type - default is ~uamqp.TransportType.Amqp. ~uamqp.TransportType.AmqpOverWebsocket is applied when http_proxy is set or the transport type is explicitly requested. Default value: TransportType.Amqp
|
|
encoding
|
The encoding to use if hostname is provided as a str. Default is 'UTF-8'. Default value: UTF-8
|
Keyword-Only Parameters
| Name | Description |
|---|---|
|
refresh_window
|
The time in seconds before the token expiration time to start the process of token refresh. Default value is 10% of the remaining seconds until the token expires. |
Methods
| close |
Close the authentication layer and cleanup all the authentication wrapper objects. |
| close_authenticator |
Close the CBS auth channel and session. |
| create_authenticator | |
| handle_token |
This function is called periodically to check the status of the current token if there is one, and request a new one if needed. If the token request fails, it will be retried according to the retry policy. A token refresh will be attempted if the token will expire soon. This function will return a tuple of two booleans. The first represents whether the token authentication has not completed within it's given timeout window. The second indicates whether the token negotiation is still in progress. |
| set_io | |
| set_tlsio |
Setup the default underlying TLS IO layer. On Windows this is Schannel, on Linux and MacOS this is OpenSSL. |
| set_wsio |
Setup the default underlying Web Socket IO layer. |
| update_token |
close
Close the authentication layer and cleanup all the authentication wrapper objects.
close()close_authenticator
Close the CBS auth channel and session.
close_authenticator()create_authenticator
create_authenticator(connection, debug=False, **kwargs)Parameters
| Name | Description |
|---|---|
|
connection
Required
|
|
|
debug
|
Default value: False
|
handle_token
This function is called periodically to check the status of the current token if there is one, and request a new one if needed. If the token request fails, it will be retried according to the retry policy. A token refresh will be attempted if the token will expire soon.
This function will return a tuple of two booleans. The first represents whether the token authentication has not completed within it's given timeout window. The second indicates whether the token negotiation is still in progress.
handle_token()Returns
| Type | Description |
|---|---|
Exceptions
| Type | Description |
|---|---|
|
uamqp.errors.AuthenticationException if the token authentication fails.
|
|
|
uamqp.errors.TokenExpired if the token has expired and cannot berefreshed.
|
set_io
set_io(hostname, port, http_proxy, transport_type)Parameters
| Name | Description |
|---|---|
|
hostname
Required
|
|
|
port
Required
|
|
|
http_proxy
Required
|
|
|
transport_type
Required
|
|
set_tlsio
Setup the default underlying TLS IO layer. On Windows this is Schannel, on Linux and MacOS this is OpenSSL.
set_tlsio(hostname, port)Parameters
| Name | Description |
|---|---|
|
hostname
Required
|
The endpoint hostname. |
|
port
Required
|
The TLS port. |
set_wsio
Setup the default underlying Web Socket IO layer.
set_wsio(hostname, port, http_proxy)Parameters
| Name | Description |
|---|---|
|
hostname
Required
|
The endpoint hostname. |
|
port
Required
|
The WSS port. |
|
http_proxy
Required
|
|
update_token
update_token()
Azure SDK for Python
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for