- Coerce `oidcat.RequestError` to more closely match `werkzeug.HTTPError` with attributes like `description`, etc. Because then maybe `oidcat` errors could be handled like other `flask` errors and avoid confusion about different error json formats. But this would have to be a Major version upgrade.
- add token signature validation to the token object (?)
- add token blacklist checking - idk if this can be done thru something in the well-known config?
- added `oidcat.cli`! This offers a few utilities that are really helpful when creating a CLI wrapping a rest API.
  - `oidcat.cli.util.cli_formatted` lets you wrap a class method and will format that method's output in either a yaml structure and/or a table depending on the structure of the data. This assumes that it's receiving basic serializable types (`list`, `dict`, `str`, `bool`, etc.), but it will work for other types too (it will just render them as a string).
  - `oidcat.cli.util.yamltable`: the main beans and potatoes of `cli_formatted`. This will render the data like yaml (indented nesting), except anytime a list of dicts is seen, it will be rendered as a table.
  - `oidcat.cli.util.Nest`: I use python Fire for most of my CLIs, but it doesn't have an easy way to do subcommands or to do method namespacing, seeing as it mostly leverages python constructs and there's not an easy way to put methods under a namespace without having to write a bunch of boilerplate. So this lets you nest classes where the nested class has access to the root class.
- `oidcat.Session.__str__` now uses `__repr__` (not sure why it didn't do that implicitly, but whatever)
- `oidcat.Session` (`Access` really), will ask for the keycloak hostname as well if `ask=True` and no host is provided
- `oidcat.response_json` now handles the case where messages are just `{"error": "this is the error message"}`
- Added `util.aslist(x, split=',')` which follows these rules
  - `aslist('asdf,zxcv', split=',')` => `['asdf', 'zxcv']`
  - `aslist('asdf,zxcv')` => `['asdf,zxcv']`
- `util.aslist` previously converted all falsey values to an empty list, but now it only converts `None`
- `util._get_redirect_uris` was removed because after a closer look at `flask-oidc` and `oauth2client`, that value is never actually used. Rationale:
  - `redirect_uris` key is never used from `self.client_secrets` in `flask_oidc/__init__.py`
  - the client secrets file is passed to `oauth2client`, and `redirect_uri` is not passed explicitly as an argument (though it exists in the secrets file)
  - oauth2client never uses the `redirect_uris` parameter from the dict, just the one from the function arguments seen here which we just saw we never pass
  - flask oidc overrides the `redirect_uri` attr here
  - meaning that it's just a confusing, buggy, and ultimately dead piece of code ! so good riddance haha
- `util.with_well_known_secrets_file` and `util.with_keycloak_secrets_file` will now write to `/tmp/.oidcat_clients/<client>.json` by default.
- `oidcat.util.Role` is imported to `oidcat.Role` and `oidcat.role` is provided as an empty starting role list for convenience
- `oidcat.util.Env` is imported to `oidcat.Env` and `oidcat.env` is provided as an empty environment scope for convenience
- note: a lot of the diffs are from trim trailing whitespace in my editor
- Added alternative permissions interface
- Added proper RTD docs, including a bunch of docstrings
- Moved version specification into `__version__.py`. idk just trying out a different format for packages.
- Did a lot of cleanup and removed a bunch of unnecessary code, assignments, etc.
- Removed `Access(store_pass)` because it's honestly just not the right way to do it. use offline tokens instead `Access(offline=True)`!
- Added `Access(discard_credentials)` which lets users be more strict and not store the username and password on the object.
  - Honestly, I'm not sure if this is really a big concern, but it's easy enough to remove if we find it unnecessary
- Moved `refresh_buffer` and `refresh_token_buffer` into `WellKnown` instead of `Access` seeing as all it was getting used for was being passed to `WellKnown` anyways.
- Made the use of `refresh_token_buffer` more consistent. it wasn't being used when getting a new refresh token which may have caused some temporary unauthorized access calls at some point.
- Added a new exception base class `AuthenticationError` which `Unauthorized` subclasses. This is meant to capture both unauthorized errors from the server and from lack of credentials when authenticating, etc.
- removed empty traceback message from `from_response` output message
- Renamed `oidcat.Session`'s first argument `well_known_url` to `auth_url` for improved clarity.
- Added `oidcat.response_json` which parses the json response and handles some errors:
  - `oidcat` exception payloads returned from the server
  - "502 Bad Gateway" errors that get returned by nginx
- Renamed `oidcat.util.get_redirect_uris` to `oidcat.util._get_redirect_uris` since it isn't a public API
- Added more util tests
- Added `Env().set(varA=5, varB=10); assert Env().varA == '5'` interface to set environment variables. (casts them to string because that's how env vars gotta be)
- fixed key error for `{'error': 'unknown_error'}` in well known token query
- Improved token validity error messages
- fix ignored scopes in well-known token querying
- importing `safe_format` into `util` as that is a more sensible place for it (needs to stay in `exceptions` to prevent circular import tho)
- fixed error messages getting ignored due to falsey ErrStr class from flask_oidc
- added `exc2response(..., include_tb=None, show_tb=True)` arguments which allow you to control when to include the traceback in the response and when to log to console.
  - `include_tb` is used for example if we want to only show tracebacks for certain users (conditional on token roles)
- added `RequestError.from_response(..., additional_message)` which allows you to pass more contextual info
- Added changelog !
Better late than never!
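
The `refresh_buffer` / `refresh_token_buffer` entries above concern treating a token as expired a little before its `exp`, for the refresh token as well as the access token. The following is an added example, not oidcat's own code: `make_token`, `expires_at`, `usable`, `next_step`, the buffer values and the clock value are assumptions made for the illustration.

```python
import base64
import json


def make_token(exp):
    """Constructed, unsigned JWT-shaped string for the demo (not a real credential)."""
    def seg(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([seg({"alg": "none"}), seg({"exp": exp}), ""])


def expires_at(token):
    """Read `exp` from the payload segment. No signature check is done here:
    this is only a client-side scheduling hint, the server still validates."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))["exp"]


def usable(token, buffer, now):
    """A token is usable only if it is still valid `buffer` seconds from now."""
    return token is not None and expires_at(token) - buffer > now


def next_step(access, refresh, now, refresh_buffer=8, refresh_token_buffer=20):
    """Decide what a client should do before sending a request.
    The default buffer values are assumed for this example."""
    if usable(access, refresh_buffer, now):
        return "use_access_token"
    # Apply a buffer to the refresh token too. Without it, a refresh token
    # that expires while the request is in flight is sent anyway and the
    # call comes back unauthorized.
    if usable(refresh, refresh_token_buffer, now):
        return "refresh"
    return "login"


NOW = 1_700_000_000  # constructed clock value

if __name__ == "__main__":
    nearly_dead_refresh = make_token(NOW + 10)
    expired_access = make_token(NOW - 1)
    # Buffer ignored for the refresh token: the client tries to refresh.
    print(next_step(expired_access, nearly_dead_refresh, NOW, refresh_token_buffer=0))
    # Buffer applied consistently: the client re-authenticates instead.
    print(next_step(expired_access, nearly_dead_refresh, NOW))
```
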