Auth#
The momotor.rpc.auth module contains functions and classes to set up an authenticated channel to the
Momotor broker.
It also provides functions to generate random authentication tokens.
Client#
- class momotor.rpc.auth.client.AuthenticatingChannel(channel, auth_token=None)#
Wrapper for
grpclib.client.Channelthat adds an auth-token metadata to any request.Proxies all methods of
grpclib.client.Channel, and adds a few additional methods
- async momotor.rpc.auth.client.authenticate(channel, api_key, api_secret, *, stub=None)#
Authenticate with the server. Returns an
AuthenticatingChannel.Any exception returned by the server is raised as a subclass of RPCException
- Parameters:
- Return type:
- async momotor.rpc.auth.client.get_authenticated_channel(host, port, api_key, api_secret, auth_token=None, *, ssl_context=None, loop=None, log_h2=False, keepalive_time=900, **channel_opts)#
Connect to a broker and authenticate, possibly using an already existing token.
Returns a tuple with
the authenticated channel
the auth stub
If authentication fails, raises (a subclass of)
RPCExceptionProduces logging information on the
momotor.rpc.authlogger- Parameters:
host (
str) – Broker’s hostnameport (
int|None) – Broker’s port. If None, uses default ports 50051 or 50052, depending on ssl_context valueapi_key (
str) – API key to authenticate withapi_secret (
str) – API secret to authenticate withauth_token (
str) – (optional) existing authentication token to reuse sessionssl_context – SSL context to use
loop – asyncio event loop (Deprecated)
log_h2 – if True, enables logging of the h2 library
keepalive_time – keep alive time (None to disable)
channel_opts – additional keyword arguments supplied to grpclib.channel.Channel
- Return type:
- Returns:
tuple containing: the authenticated channel and the auth stub
Utils#
- momotor.rpc.auth.utils.calculate_challenge_response(api_key, api_secret, salt, challenge)#
Calculate the response to a challenge request
- momotor.rpc.auth.utils.constant_time_compare(val1, val2)#
Returns True if the two strings are equal, False otherwise.
The time taken is independent of the number of characters that match.
(Borrowed from Django)
- momotor.rpc.auth.utils.gen_api_key()#
Generate a random API key
- Return type:
- Returns:
the generated key
- momotor.rpc.auth.utils.gen_api_secret()#
Generate a random secret
- Return type:
- Returns:
the generated secret
- momotor.rpc.auth.utils.gen_challenge()#
Generate a random challenge
- Return type:
- Returns:
the generated challenge
- momotor.rpc.auth.utils.gen_key(charset, length)#
Generate a key of length using characters in charset
- momotor.rpc.auth.utils.gen_salt()#
Generate a random salt
- Return type:
- Returns:
the generated salt
- momotor.rpc.auth.utils.API_KEY_CHARSET = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'#
Valid characters for an API key
- momotor.rpc.auth.utils.API_KEY_LENGTH = 24#
Default length of an API key
- momotor.rpc.auth.utils.API_SECRET_CHARSET = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@$^&-_+./?'#
Valid characters for an API secret
- momotor.rpc.auth.utils.API_SECRET_LENGTH = 64#
Default length of an API secret
- momotor.rpc.auth.utils.CHALLENGE_LENGTH = 512#
Length of the challenge
- momotor.rpc.auth.utils.SALT_CHARSET = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@$^&-_+./?'#
Valid characters for the salt used
- momotor.rpc.auth.utils.SALT_LENGTH = 8#
Length of the salt