security

alchemiscale.security.auth — security components for API services

exception alchemiscale.security.auth.AuthenticationError

Bases: Exception

alchemiscale.security.auth.authenticate(db, cls, identifier: str, key: str) CredentialedEntity | None

Authenticate the given identity+key against the db instance.

Parameters:
  • db – State store instance featuring a get_credentialed_entity method.

  • cls – The CredentialedEntity subclass the identity corresponds to.

  • identity – String identifier for the the identity.

  • key – Secret key string for the identity.

Returns:

  • If successfully authenticated, returns the CredentialedEntity subclass instance.

  • If not, returns None.

alchemiscale.security.auth.validate_secret(secret: str)

ensure secret has correct type & size


alchemiscale.security.models — data models for security components

class alchemiscale.security.models.ComputeIdentity(*, identifier: str, disabled: bool = False, scopes: list[str] = [], email: str | None = None)

Bases: ScopedIdentity

model_config = {}

Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

class alchemiscale.security.models.CredentialedComputeIdentity(*, hashed_key: str, expires: datetime | None = None, identifier: str, disabled: bool = False, scopes: list[str] = [], email: str | None = None)

Bases: ComputeIdentity, CredentialedEntity

model_config = {}

Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

class alchemiscale.security.models.CredentialedEntity(*, hashed_key: str, expires: datetime | None = None)

Bases: BaseModel

model_config = {}

Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

class alchemiscale.security.models.CredentialedUserIdentity(*, hashed_key: str, expires: datetime | None = None, identifier: str, disabled: bool = False, scopes: list[str] = [], email: str | None = None, full_name: str | None = None)

Bases: UserIdentity, CredentialedEntity

model_config = {}

Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

class alchemiscale.security.models.ScopedIdentity(*, identifier: str, disabled: bool = False, scopes: list[str] = [])

Bases: BaseModel

model_config = {}

Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

class alchemiscale.security.models.Token(*, access_token: str, token_type: str)

Bases: BaseModel

model_config = {}

Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

class alchemiscale.security.models.TokenData(*, entity: str | None = None, scopes: list[str] = None)

Bases: BaseModel

model_config = {}

Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

class alchemiscale.security.models.UserIdentity(*, identifier: str, disabled: bool = False, scopes: list[str] = [], email: str | None = None, full_name: str | None = None)

Bases: ScopedIdentity

model_config = {}

Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].