keystone.auth.plugins.token module

class keystone.auth.plugins.token.Token[source]

Bases: AuthMethodHandler

authenticate(auth_payload)[source]

Authenticate user and return an authentication context.

Parameters:

auth_payload (dict) – the payload content of the authentication request for a given method

If successful, plugin must set user_id in response_data. method_name is used to convey any additional authentication methods in case authentication is for re-scoping. For example, if the authentication is for re-scoping, plugin must append the previous method names into method_names; NOTE: This behavior is exclusive to the re-scope type action. Here’s an example of response_data on successful authentication:

{
    "methods": [
        "password",
        "token"
    ],
    "user_id": "abc123"
}

Plugins are invoked in the order in which they are specified in the methods attribute of the identity object. For example, custom-plugin is invoked before password, which is invoked before token in the following authentication request:

{
    "auth": {
        "identity": {
            "custom-plugin": {
                "custom-data": "sdfdfsfsfsdfsf"
            },
            "methods": [
                "custom-plugin",
                "password",
                "token"
            ],
            "password": {
                "user": {
                    "id": "s23sfad1",
                    "password": "secret"
                }
            },
            "token": {
                "id": "sdfafasdfsfasfasdfds"
            }
        }
    }
}
Returns:

AuthHandlerResponse with status set to True if auth was successful. If status is False and this is a multi-step auth, the response_body can be in a form of a dict for the next step in authentication.

Raises:

keystone.exception.Unauthorized – for authentication failure

keystone.auth.plugins.token.token_authenticate(token)[source]