AuthLiteClient API Reference

Initialization of AuthLiteClient

The AuthLiteClient is a Python client for the TrustAuthX authentication service. It provides a set of methods for managing user authentication, roles, and permissions.

AuthLiteClient(
    api_key: str,
    secret_key: str,
    org_id: str = None,
    API_BASE_URL: str = "https://api.trustauthx.com",
    in_memory: bool = True
)

Initializes the AuthLiteClient instance with the provided API key, secret key, organization ID, API base URL, and in-memory flag.

Parameters:

api_key (str): The API key used for authentication.
secret_key (str): The secret key used for JWT encoding.
org_id (str, optional): The organization ID for generating authentication URLs.
API_BASE_URL (str, optional): The base URL for the API. Defaults to "https://api.trustauthx.com (opens in a new tab)".
in_memory (bool, optional): Flag indicating whether to store the roles in-memory or in a SQLite database. Defaults to True (in-memory).

Returns:

An instance of the AuthLiteClient class.

Methods

`generate_url(self) -> str`

Generates an authentication URL for the given organization.

Returns:

The generated authentication URL.

Raises:

ValueError: If org_id is not provided.

`generate_edit_user_url(self, access_token: str, url: str) -> str`

Generates an authentication URL for editing user settings.

Parameters:

access_token (str): The access token for authentication.
url (str): The URL to be included in the generated URL.

Returns:

The generated authentication URL.

`re_auth(self, code: str)`

Performs re-authentication with a provided code after the user finishes editing their profile.

Parameters:

code (str): The re-authentication code.

Returns:

A dictionary containing user information after successful re-authentication.

Raises:

HTTPError: If the request fails with an HTTP error status code.

`get_user(self, token: str, return_class: bool = False) -> User | dict`

Validates the given authentication token and returns user data.

Parameters:

token (str): The authentication token to validate.
return_class (bool, optional): Whether to return a User object or a dictionary. Defaults to False.

Returns:

A dictionary containing user information.
If return_class is True, returns a User object.

Raises:

HTTPError: If the request fails with an HTTP error status code.

`get_user_data(self, AccessToken: str) -> dict`

Retrieves user data using an access token.

Parameters:

AccessToken (str): The access token for retrieving user data.

Returns:

A dictionary containing user data.

Raises:

HTTPError: If the request fails with an HTTP error status code.

`get_access_token_from_refresh_token(self, refresh_token: str) -> dict`

Retrieves an access token from a refresh token.

Parameters:

refresh_token (str): The refresh token for obtaining a new access token.

Returns:

A dictionary containing the new access and refresh tokens.

Raises:

HTTPError: If the request fails with an HTTP error status code.

`validate_access_token(self, access_token: str) -> bool`

Validates an access token.

Parameters:

access_token (str): The access token to validate.

Returns:

True if the access token is valid, False otherwise.

`revoke_token(self, AccessToken: str = None, RefreshToken: str = None, revoke_all_tokens: bool = False) -> bool`

Revokes an access token or refresh token.

Parameters:

AccessToken (str, optional): The access token to revoke.
RefreshToken (str, optional): The refresh token to revoke.
revoke_all_tokens (bool, optional): Whether to revoke all tokens associated with the user.

Returns:

True if the token(s) were successfully revoked, False otherwise.

Raises:

HTTPError: If the request fails with an HTTP error status code.
AttributeError: If neither AccessToken nor RefreshToken is provided.

`validate_token_set(self, access_token: str, refresh_token: str) -> TokenCheck`

Validates a set of access and refresh tokens.

Parameters:

access_token (str): The access token to validate.
refresh_token (str): The refresh token to validate.

Returns:

A TokenCheck object representing the state of the tokens.

Raises:

HTTPError: If both tokens are invalid, indicating the need to login again.

`attach_role(self, uid: str, rol_ids: str | list, signoff_session_and_assign: bool = False, refresh_token: str = None, access_token: str = None, return_class: bool = False) -> dict | SignOffSessionReplace`

Attaches a role to a user.

Parameters:

uid (str): The user ID to attach the role to.
rol_ids (str | list): The ID(s) of the role(s) to attach.
signoff_session_and_assign (bool, optional): Whether to sign off the session and assign. Defaults to False.
refresh_token (str, optional): The refresh token for authentication.
access_token (str, optional): The access token for authentication.
return_class (bool, optional): Whether to return a class instance. Defaults to False.

Returns:

A dictionary or a SignOffSessionReplace object, depending on the return_class parameter.

Raises:

ParseError: If signoff_session_and_assign is True but refresh_token or access_token is not provided.

`remove_role(self, uid: str, rol_ids: str | list, signoff_session_and_assign: bool = False, refresh_token: str = None, access_token: str = None, return_class: bool = False) -> dict | SignOffSessionReplace`

Removes a role from a user.

Parameters:

uid (str): The user ID to remove the role from.
rol_ids (str | list): The ID(s) of the role(s) to remove.
signoff_session_and_assign (bool, optional): Whether to sign off the session and assign. Defaults to False.
refresh_token (str, optional): The refresh token for authentication.
access_token (str, optional): The access token for authentication.
return_class (bool, optional): Whether to return a class instance. Defaults to False.

Returns:

A dictionary or a SignOffSessionReplace object, depending on the return_class parameter.

Raises:

ParseError: If signoff_session_and_assign is True but refresh_token or access_token is not provided.

`update_role(self, uid: str, rol_ids_to_add: str | list, rol_ids_to_remove: str | list, signoff_session_and_assign: bool = False, refresh_token: str = None, access_token: str = None, return_class: bool = False) -> dict | SignOffSessionReplace`

Updates a user's roles by adding and/or removing roles.

Parameters:

uid (str): The user ID to update roles for.
rol_ids_to_add (str | list): The ID(s) of the role(s) to add.
rol_ids_to_remove (str | list): The ID(s) of the role(s) to remove.
signoff_session_and_assign (bool, optional): Whether to sign off the session and assign. Defaults to False.
refresh_token (str, optional): The refresh token for authentication.
access_token (str, optional): The access token for authentication.
return_class (bool, optional): Whether to return a class instance. Defaults to False.

Returns:

A dictionary or a SignOffSessionReplace object, depending on the return_class parameter.

Raises:

ParseError: If signoff_session_and_assign is True but refresh_token or access_token is not provided.

`_Roles` Class

The `_Roles` class inherits from the `_EdgeDBRoleQuery` class and provides methods for managing roles and permissions. It can be accessed by `Roles` which is an instance variable of `AuthLiteClient`.

`get_all_roles(self) -> GetAllRolesResponse`

Retrieves all roles and their associated permissions.

Returns:

A GetAllRolesResponse object containing the list of roles and their permissions.

`add_role(self, org_id: str, name: str, permissions: List[Permission]) -> AddRoleResponse`

Adds a new role with the specified permissions.

Parameters:

org_id (str): The organization ID associated with the new role.
name (str): The name of the new role.
permissions (List[Permission]): A list of permissions to be associated with the new role.

Returns:

An AddRoleResponse object containing the details of the newly added role.

`delete_role(self, org_id: str, rol_id: str) -> DeleteRoleResponse`

Deletes an existing role.

Parameters:

org_id (str): The organization ID associated with the role.
rol_id (str): The unique identifier of the role to be deleted.

Returns:

A DeleteRoleResponse object containing the details of the deleted role.

`add_permission(self, org_id: str, rol_id: str, permissions: List[Permission]) -> AddPermissionResponse`

Adds one or more permissions to an existing role.

Parameters:

org_id (str): The organization ID associated with the role.
rol_id (str): The unique identifier of the role.
permissions (List[Permission]): A list of permissions to be added to the role.

Returns:

An AddPermissionResponse object containing the updated role with the added permissions.

`delete_permission(self, org_id: str, rol_id: str, permissions: List[Permission]) -> DeletePermissionResponse`

Deletes one or more permissions from an existing role.

Parameters:

org_id (str): The organization ID associated with the role.
rol_id (str): The unique identifier of the role.
permissions (List[Permission]): A list of permissions to be removed from the role.

Returns:

A DeletePermissionResponse object containing the updated role with the removed permissions.

`_EdgeDBRoleQuery` Class

The _EdgeDBRoleQuery class is responsible for querying and managing roles and permissions.

`init(self, roles, in_memory=True)`

Initializes the _EdgeDBRoleQuery instance with the provided roles and storage mode.

Parameters:

roles (List[Dict[str, Dict[str, str]]]): A list of dictionaries representing roles and their permissions.
in_memory (bool, optional): Flag indicating whether to store the roles in-memory or in a SQLite database. Defaults to True.

`query(self, role_id=None, permission_key=None)`

Queries the roles and permissions based on the provided role ID and/or permission key.

Parameters:

role_id (str, optional): The role ID to query.
permission_key (str, optional): The permission key to query.

Returns:

Union[Dict[str, Dict[str, str]], Dict[str, str], str, None]: The queried roles, permissions, or permission value, depending on the provided arguments.

`validate(self, role_id, permission_key, permission_val)`

Validates a permission value for a given role ID and permission key.

Parameters:

role_id (str): The role ID to validate.
permission_key (str): The permission key to validate.
permission_val (str): The expected permission value to validate.

Returns:

bool: True if the permission value matches the expected value, False otherwise.

`count_roles(self)`

Returns the number of roles stored.

Returns:

int: The number of roles stored.

Data Classes

`Permission`

A class representing a permission object.

Attributes:

**kwargs: Key-value pairs representing the permission.

Methods:

to_dict(): Returns a dictionary representation of the Permission object.

`Role`

A class representing a role object.

Attributes:

org_id (str): The organization ID associated with the role.
rol_id (str): The unique identifier of the role.
name (str): The name of the role.
permissions (List[Permission]): A list of permissions associated with the role.

Methods:

to_dict(): Returns a dictionary representation of the Role object.

`GetAllRolesResponse`

A class representing the response from the get_all_roles() method.

Attributes:

roles_list (List[Role]): A list of Role objects.
roles_json_list (List[Dict[str, Union[str, List[Dict[str, str]]]]]): A list of dictionaries representing the roles and their permissions.

Methods:

to_dict(): Returns a dictionary representation of the GetAllRolesResponse object.

`AddRoleResponse`

A class representing the response from the add_role() method.

Attributes:

org_id (str): The organization ID associated with the new role.
rol_id (str): The unique identifier of the new role.
name (str): The name of the new role.
permissions (List[Permission]): A list of permissions associated with the new role.

Methods:

to_dict(): Returns a dictionary representation of the AddRoleResponse object.

`DeleteRoleResponse`

A class representing the response from the delete_role() method.

Attributes:

org_id (str): The organization ID associated with the deleted role.
rol_id (str): The unique identifier of the deleted role.
name (str): The name of the deleted role.
permissions (List[Permission]): A list of permissions associated with the deleted role.

Methods:

to_dict(): Returns a dictionary representation of the DeleteRoleResponse object.

`AddPermissionResponse`

A class representing the response from the add_permission() method.

Attributes:

org_id (str): The organization ID associated with the role.
rol_id (str): The unique identifier of the role.
permissions (List[Dict[str, str]]): A list of permissions added to the role.

Methods:

to_dict(): Returns a dictionary representation of the AddPermissionResponse object.

`DeletePermissionResponse`

A class representing the response from the delete_permission() method.

Attributes:

org_id (str): The organization ID associated with the role.
rol_id (str): The unique identifier of the role.
permissions (List[Permission]): A list of permissions associated with the role after the deletion.

Methods:

to_dict(): Returns a dictionary representation of the DeletePermissionResponse object.

`User`

A class representing a user object.

Attributes:

iss (str): The issuer of the token.
jti (str): The JWT ID.
access_token (str): The access token.
type (str): The type of the token.
exp (float): The expiration time of the token.
refresh_token (str): The refresh token.
refresh_exp (int): The expiration time of the refresh token.
scope (List[str]): The scopes associated with the token.
img (str): The user's profile image.
name (str): The user's name.
iat (int): The time the token was issued.
email (str): The user's email.
uid(str): The user's unique identifier.

Methods:

to_dict(): Returns a dictionary representation of the User object.

`SignOffSessionReplace`

A class representing the response from the attach_role(), remove_role(), and update_role() methods when signoff_session_and_assign is True.

Attributes:

uid (str): The user ID.
access_token (str): The new access token.
refresh_token (str): The new refresh token.
role (List[str]): The list of roles associated with the user.

Methods:

to_dict(): Returns a dictionary representation of the SignOffSessionReplace object.

User Consent How to Use Authlite Client

AuthLiteClient API Reference

Table of Contents

1. Initialize AuthLiteClient class

2. Methods of AuthLiteClient instance

3. _EdgeDBRoleQuery Class

4. _Roles Class

5. Data Classes

Initialization of AuthLiteClient

Methods

generate_url(self) -> str

generate_edit_user_url(self, access_token: str, url: str) -> str

re_auth(self, code: str)

get_user(self, token: str, return_class: bool = False) -> User | dict

get_user_data(self, AccessToken: str) -> dict

get_access_token_from_refresh_token(self, refresh_token: str) -> dict

validate_access_token(self, access_token: str) -> bool

revoke_token(self, AccessToken: str = None, RefreshToken: str = None, revoke_all_tokens: bool = False) -> bool

validate_token_set(self, access_token: str, refresh_token: str) -> TokenCheck

attach_role(self, uid: str, rol_ids: str | list, signoff_session_and_assign: bool = False, refresh_token: str = None, access_token: str = None, return_class: bool = False) -> dict | SignOffSessionReplace

remove_role(self, uid: str, rol_ids: str | list, signoff_session_and_assign: bool = False, refresh_token: str = None, access_token: str = None, return_class: bool = False) -> dict | SignOffSessionReplace

update_role(self, uid: str, rol_ids_to_add: str | list, rol_ids_to_remove: str | list, signoff_session_and_assign: bool = False, refresh_token: str = None, access_token: str = None, return_class: bool = False) -> dict | SignOffSessionReplace

_Roles Class

The _Roles class inherits from the _EdgeDBRoleQuery class and provides methods for managing roles and permissions. It can be accessed by Roles which is an instance variable of AuthLiteClient.

get_all_roles(self) -> GetAllRolesResponse

add_role(self, org_id: str, name: str, permissions: List[Permission]) -> AddRoleResponse

delete_role(self, org_id: str, rol_id: str) -> DeleteRoleResponse

add_permission(self, org_id: str, rol_id: str, permissions: List[Permission]) -> AddPermissionResponse

delete_permission(self, org_id: str, rol_id: str, permissions: List[Permission]) -> DeletePermissionResponse

_EdgeDBRoleQuery Class

__init__(self, roles, in_memory=True)

query(self, role_id=None, permission_key=None)

validate(self, role_id, permission_key, permission_val)

count_roles(self)

Data Classes

Permission

Role

GetAllRolesResponse

AddRoleResponse

DeleteRoleResponse

AddPermissionResponse

DeletePermissionResponse

User

SignOffSessionReplace

1. `Initialize AuthLiteClient` class

2. `Methods` of AuthLiteClient instance

3. `_EdgeDBRoleQuery` Class

4. `_Roles` Class

5. `Data Classes`

`generate_url(self) -> str`

`generate_edit_user_url(self, access_token: str, url: str) -> str`

`re_auth(self, code: str)`

`get_user(self, token: str, return_class: bool = False) -> User | dict`

`get_user_data(self, AccessToken: str) -> dict`

`get_access_token_from_refresh_token(self, refresh_token: str) -> dict`

`validate_access_token(self, access_token: str) -> bool`

`revoke_token(self, AccessToken: str = None, RefreshToken: str = None, revoke_all_tokens: bool = False) -> bool`

`validate_token_set(self, access_token: str, refresh_token: str) -> TokenCheck`

`attach_role(self, uid: str, rol_ids: str | list, signoff_session_and_assign: bool = False, refresh_token: str = None, access_token: str = None, return_class: bool = False) -> dict | SignOffSessionReplace`

`remove_role(self, uid: str, rol_ids: str | list, signoff_session_and_assign: bool = False, refresh_token: str = None, access_token: str = None, return_class: bool = False) -> dict | SignOffSessionReplace`

`update_role(self, uid: str, rol_ids_to_add: str | list, rol_ids_to_remove: str | list, signoff_session_and_assign: bool = False, refresh_token: str = None, access_token: str = None, return_class: bool = False) -> dict | SignOffSessionReplace`

`_Roles` Class

The `_Roles` class inherits from the `_EdgeDBRoleQuery` class and provides methods for managing roles and permissions. It can be accessed by `Roles` which is an instance variable of `AuthLiteClient`.

`get_all_roles(self) -> GetAllRolesResponse`

`add_role(self, org_id: str, name: str, permissions: List[Permission]) -> AddRoleResponse`

`delete_role(self, org_id: str, rol_id: str) -> DeleteRoleResponse`

`add_permission(self, org_id: str, rol_id: str, permissions: List[Permission]) -> AddPermissionResponse`

`delete_permission(self, org_id: str, rol_id: str, permissions: List[Permission]) -> DeletePermissionResponse`

`_EdgeDBRoleQuery` Class

`init(self, roles, in_memory=True)`

`query(self, role_id=None, permission_key=None)`

`validate(self, role_id, permission_key, permission_val)`

`count_roles(self)`

`Permission`

`Role`

`GetAllRolesResponse`

`AddRoleResponse`

`DeleteRoleResponse`

`AddPermissionResponse`

`DeletePermissionResponse`

`User`

`SignOffSessionReplace`