SASTokenAuth Class
CBS authentication using SAS tokens.
- Inheritance
-
SASTokenAuthSASTokenAuth
Constructor
SASTokenAuth(audience, uri, token, expires_in=None, expires_at=None, username=None, password=None, port=None, timeout=10, retry_policy=<uamqp.authentication.cbs_auth.TokenRetryPolicy object>, verify=None, token_type=b'servicebus.windows.net:sastoken', http_proxy=None, transport_type=TransportType.Amqp, encoding='UTF-8', **kwargs)
Parameters
Name | Description |
---|---|
audience
Required
|
The token audience field. For SAS tokens this is usually the URI. |
uri
Required
|
The AMQP endpoint URI. This must be provided as a decoded string. |
token
Required
|
str or
<xref:bytes.>
The SAS token. |
expires_in
|
The total remaining seconds until the token expires. Default value: None
|
expires_at
|
The timestamp at which the SAS token will expire formatted as seconds since epoch. Default value: None
|
username
|
The SAS token username, also referred to as the key name or policy name. This can optionally be encoded into the URI. Default value: None
|
password
|
The SAS token password, also referred to as the key. This can optionally be encoded into the URI. Default value: None
|
port
|
The TLS port - default for AMQP is 5671. Default value: None
|
timeout
|
The timeout in seconds in which to negotiate the token. The default value is 10 seconds. Default value: 10
|
retry_policy
|
The retry policy for the PUT token request. The default retry policy has 3 retries. |
verify
|
The path to a user-defined certificate. Default value: None
|
token_type
|
The type field of the token request. Default value is b"servicebus.windows.net:sastoken". Default value: b'servicebus.windows.net:sastoken'
|
http_proxy
|
HTTP proxy configuration. This should be a dictionary with the following keys present: 'proxy_hostname' and 'proxy_port'. Additional optional keys are 'username' and 'password'. Default value: None
|
transport_type
|
<xref:uamqp.TransportType>
The transport protocol type - default is ~uamqp.TransportType.Amqp. ~uamqp.TransportType.AmqpOverWebsocket is applied when http_proxy is set or the transport type is explicitly requested. Default value: TransportType.Amqp
|
encoding
|
The encoding to use if hostname is provided as a str. Default is 'UTF-8'. Default value: UTF-8
|
Keyword-Only Parameters
Name | Description |
---|---|
refresh_window
|
The time in seconds before the token expiration time to start the process of token refresh. Default value is 10% of the remaining seconds until the token expires. |
Methods
close |
Close the authentication layer and cleanup all the authentication wrapper objects. |
close_authenticator |
Close the CBS auth channel and session. |
create_authenticator |
Create the AMQP session and the CBS channel with which to negotiate the token. |
from_shared_access_key |
Attempt to create a CBS token session using a Shared Access Key such as is used to connect to Azure services. time to start the process of token refresh. Default value is 10% of the remaining seconds until the token expires. |
handle_token |
This function is called periodically to check the status of the current token if there is one, and request a new one if needed. If the token request fails, it will be retried according to the retry policy. A token refresh will be attempted if the token will expire soon. This function will return a tuple of two booleans. The first represents whether the token authentication has not completed within it's given timeout window. The second indicates whether the token negotiation is still in progress. |
set_io | |
set_tlsio |
Setup the default underlying TLS IO layer. On Windows this is Schannel, on Linux and MacOS this is OpenSSL. |
set_wsio |
Setup the default underlying Web Socket IO layer. |
update_token |
If a username and password are present - attempt to use them to request a fresh SAS token. |
close
Close the authentication layer and cleanup all the authentication wrapper objects.
close()
close_authenticator
Close the CBS auth channel and session.
close_authenticator()
create_authenticator
Create the AMQP session and the CBS channel with which to negotiate the token.
create_authenticator(connection, debug=False, **kwargs)
Parameters
Name | Description |
---|---|
connection
Required
|
The underlying AMQP connection on which to create the session. |
debug
|
Whether to emit network trace logging events for the CBS session. Default is False. Logging events are set at INFO level. Default value: False
|
Returns
Type | Description |
---|---|
from_shared_access_key
Attempt to create a CBS token session using a Shared Access Key such as is used to connect to Azure services.
time to start the process of token refresh. Default value is 10% of the remaining seconds until the token expires.
from_shared_access_key(uri, key_name, shared_access_key, expiry=None, port=None, timeout=10, retry_policy=<uamqp.authentication.cbs_auth.TokenRetryPolicy object>, verify=None, http_proxy=None, transport_type=TransportType.Amqp, encoding='UTF-8', **kwargs)
Parameters
Name | Description |
---|---|
uri
Required
|
The AMQP endpoint URI. This must be provided as a decoded string. |
key_name
Required
|
The SAS token username, also referred to as the key name or policy name. |
shared_access_key
Required
|
The SAS token password, also referred to as the key. |
expiry
|
The lifetime in seconds for the generated token. Default is 1 hour. Default value: None
|
port
|
The TLS port - default for AMQP is 5671. Default value: None
|
timeout
|
The timeout in seconds in which to negotiate the token. The default value is 10 seconds. Default value: 10
|
retry_policy
|
The retry policy for the PUT token request. The default retry policy has 3 retries. |
verify
|
The path to a user-defined certificate. Default value: None
|
http_proxy
|
HTTP proxy configuration. This should be a dictionary with the following keys present: 'proxy_hostname' and 'proxy_port'. Additional optional keys are 'username' and 'password'. Default value: None
|
transport_type
|
<xref:uamqp.TransportType>
The transport protocol type - default is ~uamqp.TransportType.Amqp. ~uamqp.TransportType.AmqpOverWebsocket is applied when http_proxy is set or the transport type is explicitly requested. Default value: TransportType.Amqp
|
encoding
|
The encoding to use if hostname is provided as a str. Default is 'UTF-8'. Default value: UTF-8
|
Keyword-Only Parameters
Name | Description |
---|---|
refresh_window
|
The time in seconds before the token expiration |
handle_token
This function is called periodically to check the status of the current token if there is one, and request a new one if needed. If the token request fails, it will be retried according to the retry policy. A token refresh will be attempted if the token will expire soon.
This function will return a tuple of two booleans. The first represents whether the token authentication has not completed within it's given timeout window. The second indicates whether the token negotiation is still in progress.
handle_token()
Returns
Type | Description |
---|---|
Exceptions
Type | Description |
---|---|
uamqp.errors.AuthenticationException if the token authentication fails.
|
|
uamqp.errors.TokenExpired if the token has expired and cannot berefreshed.
|
set_io
set_io(hostname, port, http_proxy, transport_type)
Parameters
Name | Description |
---|---|
hostname
Required
|
|
port
Required
|
|
http_proxy
Required
|
|
transport_type
Required
|
|
set_tlsio
Setup the default underlying TLS IO layer. On Windows this is Schannel, on Linux and MacOS this is OpenSSL.
set_tlsio(hostname, port)
Parameters
Name | Description |
---|---|
hostname
Required
|
The endpoint hostname. |
port
Required
|
The TLS port. |
set_wsio
Setup the default underlying Web Socket IO layer.
set_wsio(hostname, port, http_proxy)
Parameters
Name | Description |
---|---|
hostname
Required
|
The endpoint hostname. |
port
Required
|
The WSS port. |
http_proxy
Required
|
|
update_token
If a username and password are present - attempt to use them to request a fresh SAS token.
update_token()
Azure SDK for Python
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for