oxd-python#

oxD Python is a client library for the Gluu oxD Server. For information about oxD, visit http://oxd.gluu.org

Installation#

Prerequisites#

Library#

  • Official Gluu Repo - Install using the package manager from the official Gluu repository.
apt-get install gluu-oxd-python

# or

yum install gluu-oxd-python
  • Source from Github - Download the zip of the oxD Python Library from here and unzip to your location of choice
cd oxdpython-version
python setup.py install
  • See the API docs for in-depth information about the various functions and their parameters.
  • See the code of a sample Flask app built using oxd-python.
  • The source code is hosted on GitHub here.

Configuration#

This library uses a configuration file to specify the information needed for OpenID Connect dynamic client registration and to save the information that is returned, such as the client ID. The config file therefore needs to be writable by the app.

The minimal configuration required to get oxd-python working:

[oxd]
host = localhost
port = 8099

[client]
authorization_redirect_uri=https://your.site.org/callback

Note: The sample.cfg file contains detailed documentation about the configuration values.
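A pre-flight check for this config file, as an added example that is not part of oxd-python: it verifies the minimal keys shown above and that the app can write the file. The helper names, the https requirement on the redirect URI and the owner-only file mode (POSIX) are assumptions of this example, not requirements stated by the library.

```python
import configparser
import os
import stat
import tempfile
from urllib.parse import urlparse

# Keys taken from the minimal configuration shown above.
REQUIRED = {"oxd": ["host", "port"], "client": ["authorization_redirect_uri"]}
# Constructed sample input mirroring that minimal configuration.
SAMPLE = ("[oxd]\nhost = localhost\nport = 8099\n\n[client]\n"
          "authorization_redirect_uri=https://your.site.org/callback\n")

def check_oxd_config(path):
    """Hypothetical helper: return a list of problems found in the config file."""
    problems = []
    parser = configparser.ConfigParser(interpolation=None)
    if not parser.read(path):
        return ["config file missing or unreadable: %s" % path]
    for section, keys in REQUIRED.items():
        for key in keys:
            if not parser.has_option(section, key):
                problems.append("missing [%s] %s" % (section, key))
    if parser.has_option("oxd", "port"):
        port = parser.get("oxd", "port")
        if not port.isdigit() or not 0 < int(port) < 65536:
            problems.append("invalid oxd port: %r" % port)
    if parser.has_option("client", "authorization_redirect_uri"):
        uri = urlparse(parser.get("client", "authorization_redirect_uri"))
        if uri.scheme != "https" or not uri.netloc:
            problems.append("authorization_redirect_uri is not an absolute https URL")
    # The library saves registration results here, so the app needs write access.
    if not os.access(path, os.W_OK):
        problems.append("config file is not writable by this process")
    # Assumption: no other account should read or alter the stored client data.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("config file mode %o grants group/other access" % mode)
    return problems

def write_sample(text, mode):
    """Write constructed config text to a temporary file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".cfg")
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    print(check_oxd_config(write_sample(SAMPLE, 0o600)))
```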

Sample Code#

Website Registration#

from oxdpython import Client

config = "/var/www/demosite/demosite.cfg"  # This should be writable by the server
client = Client(config)
client.register_site()

Note: register_site() can be skipped, as any call to get_authorization_url() automatically registers the site.

Get Authorization URL#

auth_url = client.get_authorization_url()

Get Tokens#

# code = parse_callback_url_querystring()  # Refer to your web framework
tokens = client.get_tokens_by_code(code)

Get User Claims#

user = client.get_user_info(tokens.access_token)

# The claims can be accessed using the dot notation.
print(user.username)
print(user.website)

print(user._fields)  # to print all the fields

# to check for a particular field and get the information
if 'website' in user._fields:
    print(user.website)

Logout#

logout_uri = client.get_logout_uri()

Update Site#

client.config.set('client', 'post_logout_uri', 'https://client.example.org/post_logout')

# ensure lists are converted to a comma-separated string
scopes = ','.join(['openid','profile','uma_protection'])
client.config.set('client', 'scope', scopes)

client.update_site_registration()

UMA RS Protect#

# define the resource
resources = [{"path": "/photo",
              "conditions": [
                  {
                      "httpMethods": ["GET"],
                      "scopes": ["http://photoz.example.com/dev/actions/view"]
                  }]
              }]

result = client.uma_rs_protect(resources)

UMA RS Check Access#

rpt = 'lsjdfa-sfas234s'
path = '/photo'
http_method = 'GET'

response = client.uma_rs_check_access(rpt, path, http_method)

UMA RP Get RPT#

rpt = client.uma_rp_get_rpt()

# To force a new RPT
rpt = client.uma_rp_get_rpt(True)

UMA RP Authorize RPT#

rpt = 'rpt-token-string'
ticket = 'ticket-value-as-string'

response = client.uma_rp_authorize_rpt(rpt, ticket)

UMA RP Get GAT#

scopes = ["http://photoz.example.com/dev/actions/add",
          "http://photoz.example.com/dev/actions/view"
          ]

gat = client.uma_rp_get_gat(scopes)