Auth

Authentication utilities for the Python SDK of the NBG APIs.

Consent

Utilities for authorising requests, based on the consents framework.

class nbg.auth.consent.ConsentClient

Base class for managing consents and authorising requests based on the consents framework.

property consent_headers

Return the required headers for authorising a request with a consent.

property consent_id

Return the consent ID of the current client.

delete_consent(consent_id: str, user_id: str, tan_number: str) → dict

Delete the requested consent.

Parameters

• consent_id (string) – The consent ID to delete

• user_id (string) – The user ID of the user that provided the consent

• tan_number (string) – String "smsotp" to receive TAN number on your mobile phone, or the TAN number you received.

— Usage

client.delete_consent(
  consent_id="your-unique-consent-id",
  user_id="your_user_id",
  tan_number="smsotp",  # Set to "smsotp" to send code you user's mobile phone
)

# After you receive the ``tan_number``.
tan_number = "the_one_the_user_received"
client.delete_consent(
  consent_id="your-unique-consent-id",
  user_id="your_user_id",
  tan_number=tan_number,  # Set to the code received by the user
)

generate_consent() → dict

Generate a consent ID for use by the current client.

Usage

client.generate_consent()

get_consent_information(consent_id: str, user_id: str) → dict

Returns information for the requested consent.

Parameters

• consent_id (string) – The consent ID to get information

• user_id (string) – The user ID of the user that provided the consent

— Usage

client.get_consent_information(
  consent_id="your-unique-consent-id",
  user_id="your_user_id",
)

get_user_consent_url(redirect_url: str) → str

Get URL to present to the user to provide their consent.

Parameters

redirect_url (string) – The URL to redirect to, after the consent is given

— Usage

client.get_user_consent_url(
  redirect_url="https://myapp.example.com/nbg/consent/"
)

set_consent_id(consent_id: str)

Set the consent ID for the current client.

Parameters

consent_id (string) – The consent ID from generate_consent()

— Usage

client.set_consent_id("my-unique-consent-id")

Signature

Utilities for request signing and response verification based on QSeal certificates.

class nbg.auth.signature.SignedClientMixin

Enables NBG API clients that can sign requests and verify responses based on QSeal certificates.

property nbg_certificate

Returns the NBG certificate used to verify responses according to the configured environment (production or sandbox).

set_tpp_certificate(tpp_certificate: str)

Set the TPP certificate used by the server to verify requests by the current client instance.

set_tpp_private_key(tpp_private_key: str)

Loads the TPP private key used by the current client instance to sign requests to the server.

signature_headers(body: dict) → dict

Return the required QSeal signature headers, based on the provided request body.

property signing_enabled

Returns whether request signing and response verification is enabled for the current client. Signing is always enabled in production mode and in sandbox, when the TPP private key has been set via the set_tpp_private_key method.

property tpp_certificate

Returns the current client’s TPP certificate, used by the server to verify signed requests by the current client.

property tpp_private_key

Returns the current client’s TPP private key, used to sign requests.

OAuth

Utilities for authenticating requests based on OAuth 2 and OpenID Connect.

class nbg.auth.oauth.AccessTokenAuth(access_token: str)

Authentication class, based on the requests library, for use by the a client to authenticate requests with an access token.

class nbg.auth.oauth.OAuthClientMixin

Enables implementation of NBG API clients that can authenticate requests based on OAuth2 access tokens.

property access_token

Returns the access token of the current client.

get_authorization_code_url(redirect_uri: str, scope: str = None, response_type: str = 'code') → str

Composes and returns the URL that has to be visited by a user to get an authorization code for the current client.

Parameters

• redirect_uri (string) – The redirect URI to return the authorization code as GET parameter.

• scope (string) – The OAuth scope for which to get authorization code. Defaults to None; this is each client’s built-in configuration, which should suffice in most cases.

• response_type (string) – The response type when exchanging the authorization code. Defaults to token, which should suffice in most cases.

Usage

client.get_authorization_code_url(
    redirect_uri="https://myapp.example.com/complete/nbg/",
)

property request_auth

Returns the requests authentication instance for the current client.

set_access_token(access_token: str)

Sets the access token for the current client.

Parameters

access_token (string) – The access token to set up for the current client.

Usage

client.set_access_token("the_access_token_of_a_user")

set_access_token_from_authorization_code(authorization_code: str, redirect_uri: str)

Exchanges an authorization code with an access token and sets the access token accordingly for the current client.

Parameters

• authorization_code (string) – The authorization code you received as a GET parameter.

• redirect_uri (string) – The redirect URI for which you requested the authorization code.

Usage

client.set_access_token_from_authorization_code(
    authorization_code="the_authorization_code_you_received",
    redirect_uri="https://myapp.example.com/complete/nbg/",
)

Exceptions

Exceptions used by the authentication framework of the NBG APIs.

exception nbg.auth.exceptions.OAuthTokenException(message: str, original_exception: Exception)

This exception is being raised when an authorisation code cannot be exchanged with an access token.