baseplate.lib.edge_context
¶
The EdgeRequestContext
provides an interface into both
authentication and context information about the original request from a user.
For edge services, it provides helpers to create the initial object and
serialize the context information into the appropriate headers. Once this
object is created and attached to the context, Baseplate will automatically
forward the headers to downstream services so they can access the
authentication and context data as well.
-
class
baseplate.lib.edge_context.
EdgeRequestContextFactory
(secrets)[source]¶ Factory for creating
EdgeRequestContext
objects.Every application should set one of these up. Edge services that talk directly with clients should use
new()
directly. For internal services, pass the object off to Baseplate’s framework integration (Thrift/Pyramid) for automatic use.Parameters: secrets (baseplate.lib.secrets.SecretsStore) – A configured secrets store. -
new
(authentication_token=None, loid_id=None, loid_created_ms=None, session_id=None, device_id=None)[source]¶ Return a new EdgeRequestContext object made from scratch.
Services at the edge that communicate directly with clients should use this to pass on the information they get to downstream services. They can then use this information to check authentication, run experiments, etc.
To use this, create and attach the context early in your request flow:
auth_cookie = request.cookies["authentication"] token = request.authentication_service.authenticate_cookie(cookie) loid = parse_loid(request.cookies["loid"]) session = parse_session(request.cookies["session"]) device_id = request.headers["x-device-id"] edge_context = self.edgecontext_factory.new( authentication_token=token, loid_id=loid.id, loid_created_ms=loid.created, session_id=session.id, device_id=device_id, ) edge_context.attach_context(request)
Parameters: - authentication_token (
Optional
[bytes
]) – A raw authentication token as returned by the authentication service. - loid_id (
Optional
[str
]) – ID for the current LoID in fullname format. - loid_created_ms (
Optional
[int
]) – Epoch milliseconds when the current LoID cookie was created. - session_id (
Optional
[str
]) – ID for the current session cookie. - session_id – ID for the device where the request originated from.
Return type: - authentication_token (
-
from_upstream
(edge_header)[source]¶ Create and return an EdgeRequestContext from an upstream header.
This is generally used internally to Baseplate by framework integrations that automatically pick up context from inbound requests.
Parameters: edge_header ( Optional
[bytes
]) – Raw payload of Edge-Request header from upstream service.Return type: EdgeRequestContext
-
-
class
baseplate.lib.edge_context.
EdgeRequestContext
(authn_token_validator, header)[source]¶ Contextual information about the initial request to an edge service.
Construct this using an
EdgeRequestContextFactory
.-
attach_context
(context)[source]¶ Attach this to the provided
RequestContext
.Parameters: context ( RequestContext
) – request context to attach this toReturn type: None
-
oauth_client
[source]¶ OAuthClient
object for the current context.
-
-
class
baseplate.lib.edge_context.
User
[source]¶ Wrapper for the user values in AuthenticationToken and the LoId cookie.
-
authentication_token
¶ Alias for field number 0
-
loid
¶ Alias for field number 1
Alias for field number 2
-
id
¶ Return the authenticated account_id for the current User.
Raises: NoAuthenticationError
if there was no authentication token, it was invalid, or the subject is not an account.Return type: Optional
[str
]
-
roles
¶ Return the authenticated roles for the current User.
Raises: NoAuthenticationError
if there was no authentication token or it was invalidReturn type: Set
[str
]
-
has_role
(role)[source]¶ Return if the authenticated user has the specified role.
Parameters: client_types – Case-insensitive sequence role name to check. Raises: NoAuthenticationError
if there was no authentication token defined for the current contextReturn type: bool
-
-
class
baseplate.lib.edge_context.
OAuthClient
[source]¶ Wrapper for the OAuth2 client values in AuthenticationToken.
-
authentication_token
¶ Alias for field number 0
-
id
¶ Return the authenticated id for the current client.
Raises: NoAuthenticationError
if there was no authentication token defined for the current contextReturn type: Optional
[str
]
-
is_type
(*client_types)[source]¶ Return if the authenticated client type is one of the given types.
When checking the type of the current OauthClient, you should check that the type “is” one of the allowed types rather than checking that it “is not” a disallowed type.
For example:
if oauth_client.is_type("third_party"): ...
not:
if not oauth_client.is_type("first_party"): ...
Parameters: client_types ( str
) – Case-insensitive sequence of client type names that you want to check.Raises: NoAuthenticationError
if there was no authentication token defined for the current contextReturn type: bool
-
-
class
baseplate.lib.edge_context.
Session
[source]¶ Wrapper for the session values in the EdgeRequestContext.
-
id
¶ Alias for field number 0
-
-
class
baseplate.lib.edge_context.
Service
[source]¶ Wrapper for the Service values in AuthenticationToken.
-
authentication_token
¶ Alias for field number 0
-
name
¶ Return the authenticated service name.
Type: name string or None if context authentication is invalid Raises: NoAuthenticationError
if there was no authentication token, it was invalid, or the subject is not a service.Return type: str
-
-
class
baseplate.lib.edge_context.
AuthenticationToken
[source]¶ Information about the authenticated user.
EdgeRequestContext
provides high-level helpers for extracting data from authentication tokens. Use those instead of direct access through this class.