Auth¶
Authentication utilities for the Python SDK of the NBG APIs.
Consent¶
Utilities for authorising requests, based on the consents framework.
-
class
nbg.auth.consent.
ConsentClient
¶ Base class for managing consents and authorising requests based on the consents framework.
-
property
consent_headers
¶ Return the required headers for authorising a request with a consent.
-
property
consent_id
¶ Return the consent ID of the current client.
-
delete_consent
(consent_id: str, user_id: str, tan_number: str) → dict¶ Delete the requested consent.
- Parameters
consent_id (string) – The consent ID to delete
user_id (string) – The user ID of the user that provided the consent
tan_number (string) – String
"smsotp"
to receive TAN number on your mobile phone, or the TAN number you received.
— Usage
client.delete_consent( consent_id="your-unique-consent-id", user_id="your_user_id", tan_number="smsotp", # Set to "smsotp" to send code you user's mobile phone ) # After you receive the ``tan_number``. tan_number = "the_one_the_user_received" client.delete_consent( consent_id="your-unique-consent-id", user_id="your_user_id", tan_number=tan_number, # Set to the code received by the user )
-
generate_consent
() → dict¶ Generate a consent ID for use by the current client.
Usage
client.generate_consent()
-
get_consent_information
(consent_id: str, user_id: str) → dict¶ Returns information for the requested consent.
- Parameters
consent_id (string) – The consent ID to get information
user_id (string) – The user ID of the user that provided the consent
— Usage
client.get_consent_information( consent_id="your-unique-consent-id", user_id="your_user_id", )
-
get_user_consent_url
(redirect_url: str) → str¶ Get URL to present to the user to provide their consent.
- Parameters
redirect_url (string) – The URL to redirect to, after the consent is given
— Usage
client.get_user_consent_url( redirect_url="https://myapp.example.com/nbg/consent/" )
-
set_consent_id
(consent_id: str)¶ Set the consent ID for the current client.
- Parameters
consent_id (string) – The consent ID from
generate_consent()
— Usage
client.set_consent_id("my-unique-consent-id")
-
property
Signature¶
Utilities for request signing and response verification based on QSeal certificates.
-
class
nbg.auth.signature.
SignedClientMixin
¶ Enables NBG API clients that can sign requests and verify responses based on QSeal certificates.
-
property
nbg_certificate
¶ Returns the NBG certificate used to verify responses according to the configured environment (production or sandbox).
-
set_tpp_certificate
(tpp_certificate: str)¶ Set the TPP certificate used by the server to verify requests by the current client instance.
-
set_tpp_private_key
(tpp_private_key: str)¶ Loads the TPP private key used by the current client instance to sign requests to the server.
-
signature_headers
(body: dict) → dict¶ Return the required QSeal signature headers, based on the provided request body.
-
property
signing_enabled
¶ Returns whether request signing and response verification is enabled for the current client. Signing is always enabled in production mode and in sandbox, when the TPP private key has been set via the
set_tpp_private_key
method.
-
property
tpp_certificate
¶ Returns the current client’s TPP certificate, used by the server to verify signed requests by the current client.
-
property
tpp_private_key
¶ Returns the current client’s TPP private key, used to sign requests.
-
property
OAuth¶
Utilities for authenticating requests based on OAuth 2 and OpenID Connect.
-
class
nbg.auth.oauth.
AccessTokenAuth
(access_token: str)¶ Authentication class, based on the requests library, for use by the a client to authenticate requests with an access token.
-
class
nbg.auth.oauth.
OAuthClientMixin
¶ Enables implementation of NBG API clients that can authenticate requests based on OAuth2 access tokens.
-
property
access_token
¶ Returns the access token of the current client.
Composes and returns the URL that has to be visited by a user to get an authorization code for the current client.
- Parameters
redirect_uri (string) – The redirect URI to return the authorization code as GET parameter.
scope (string) – The OAuth scope for which to get authorization code. Defaults to None; this is each client’s built-in configuration, which should suffice in most cases.
response_type (string) – The response type when exchanging the authorization code. Defaults to token, which should suffice in most cases.
Usage
client.get_authorization_code_url( redirect_uri="https://myapp.example.com/complete/nbg/", )
-
property
request_auth
¶ Returns the requests authentication instance for the current client.
-
set_access_token
(access_token: str)¶ Sets the access token for the current client.
- Parameters
access_token (string) – The access token to set up for the current client.
Usage
client.set_access_token("the_access_token_of_a_user")
Exchanges an authorization code with an access token and sets the access token accordingly for the current client.
- Parameters
authorization_code (string) – The authorization code you received as a GET parameter.
redirect_uri (string) – The redirect URI for which you requested the authorization code.
Usage
client.set_access_token_from_authorization_code( authorization_code="the_authorization_code_you_received", redirect_uri="https://myapp.example.com/complete/nbg/", )
-
property