Login Flow Managers¶
This page provides references for the LoginFlowManager abstract class and some concrete implementations.
A login flow manager is a class responsible for driving a user through a login flow, with the ultimate goal of obtaining tokens. The tokens are required to make requests against any Globus services.
Interface¶
- class globus_sdk.login_flows.LoginFlowManager(login_client, *, request_refresh_tokens=False, native_prefill_named_grant=None)[source]¶
The abstract base class defining the interface for managing login flows.
Implementing classes must supply a
run_login_flow
method. Utility functions starting an authorization-code grant flow and getting an authorization-code URL are provided on the class.- Variables:
login_client (AuthLoginClient) – A native or confidential login client to be used by the login flow manager.
request_refresh_tokens (bool) – A signal of whether refresh tokens are expected to be requested, in addition to access tokens.
native_prefill_named_grant (str) – A string to prefill in a Native App login flow. This value is only to be used if the login_client is a native client.
- abstract run_login_flow(auth_parameters)[source]¶
Run a login flow to get tokens for a user.
- Parameters:
auth_parameters (GlobusAuthorizationParameters) –
GlobusAuthorizationParameters
passed through to the authentication flow to control how the user will authenticate.- Return type:
Command Line¶
As the name might suggest, a CommandLineLoginFlowManager drives user logins through the command line (stdin/stdout). When run, the manager will print a URL to the console then prompt a user to navigate to that URL and enter the resulting auth code back into the terminal.
Example Code:
>>> from globus_sdk import NativeAppAuthClient
>>> from globus_sdk.scopes import TransferScopes
>>> from globus_sdk.login_flows import CommandLineLoginFlowManager
>>> login_client = NativeAppAuthClient(client_id=client_id)
>>> manager = CommandLineLoginFlowManager(login_client)
>>>
>>> token_response = manager.run_login_flow(
... GlobusAuthorizationParameters(required_scopes=[TransferScopes.all])
... )
Please authenticate with Globus here:
-------------------------------------
https://auth.globus.org/v2/oauth2/authorize?cli...truncated...
-------------------------------------
Enter the resulting Authorization Code here:
- class globus_sdk.login_flows.CommandLineLoginFlowManager(login_client, *, redirect_uri=None, request_refresh_tokens=False, native_prefill_named_grant=None)[source]¶
Bases:
LoginFlowManager
A login flow manager which drives authorization-code token grants through the command line.
- Parameters:
login_client (AuthLoginClient) –
The client that will be making Globus Auth API calls required for a login flow.
Note
If this client is a
globus_sdk.ConfidentialAppAuthClient
, an explicit redirect_uri param is required.redirect_uri (str) – The redirect URI to use for the login flow. When the login_client is a native client, this defaults to a Globus-hosted URL.
request_refresh_tokens (bool) – A signal of whether refresh tokens are expected to be requested, in addition to access tokens.
native_prefill_named_grant (str) – A string to prefill in a Native App login flow. This value is only used if the login_client is a native client.
- classmethod for_globus_app(app_name, login_client, config)[source]¶
Create a
CommandLineLoginFlowManager
for use in a GlobusApp.- Parameters:
app_name (str) – The name of the app. Will be prefilled in native auth flows.
login_client (AuthLoginClient) – A client used to make Globus Auth API calls.
config (GlobusAppConfig) – A GlobusApp-bounded object used to configure login flow manager.
- Raises:
GlobusSDKUsageError – if login_redirect_uri is not set on the config but a ConfidentialAppAuthClient is supplied.
- Return type:
- run_login_flow(auth_parameters)[source]¶
Run an interactive login flow on the command line to get tokens for the user.
- Parameters:
auth_parameters (GlobusAuthorizationParameters) –
GlobusAuthorizationParameters
passed through to the authentication flow to control how the user will authenticate.- Return type:
Local Server¶
A LocalServerLoginFlowManager drives more automated, but less portable, login flows compared with its command line counterpart. When run, rather than printing the authorization URL, the manager will open it in the user’s default browser. Alongside this, the manager will start a local web server to receive the auth code upon completion of the login flow.
This provides a more user-friendly login experience as there is no manually copy/pasting of links and codes. It also requires however that the python process be running in an environment with access to a supported browser. As such, this flow is not suitable for headless environments (e.g., while ssh-ed into a cluster node).
Note
This login manager is only supported for native clients.
Example Usage:
>>> from globus_sdk import NativeAppAuthClient
>>> from globus_sdk.scopes import TransferScopes
>>> from globus_sdk.login_flows import LocalServerLoginFlowManager
>>> login_client = NativeAppAuthClient(client_id=client_id)
>>> manager = LocalServerLoginFlowManager(login_client)
>>>
>>> token_response = manager.run_login_flow(
... GlobusAuthorizationParameters(required_scopes=[TransferScopes.all])
... )
- class globus_sdk.login_flows.LocalServerLoginFlowManager(login_client, *, request_refresh_tokens=False, native_prefill_named_grant=None, server_address=('localhost', 0), html_template=<string.Template object>)[source]¶
Bases:
LoginFlowManager
A login flow manager which uses a locally hosted server to drive authentication-code token grants. The local server is used as the authorization redirect URI, automatically receiving the auth code from Globus Auth after authentication/consent.
- Parameters:
login_client (AuthLoginClient) – The client that will be making Globus Auth API calls required for a login flow.
request_refresh_tokens (bool) – A signal of whether refresh tokens are expected to be requested, in addition to access tokens.
native_prefill_named_grant (str) – A string to prefill in a Native App login flow. This value is only used if the login_client is a native client.
html_template (Template) – Optional HTML Template to be populated with the values login_result and post_login_message and displayed to the user. A simple default is supplied if not provided which informs the user that the login was successful and that they may close the browser window.
server_address (tuple[str, int]) – Optional tuple of the form (host, port) to specify an address to run the local server at. Defaults to (“127.0.0.1”, 0).
- classmethod for_globus_app(app_name, login_client, config)[source]¶
Create a
LocalServerLoginFlowManager
for use in a GlobusApp.- Parameters:
app_name (str) – The name of the app. Will be prefilled in native auth flows.
login_client (AuthLoginClient) – A client used to make Globus Auth API calls.
config (GlobusAppConfig) – A GlobusApp-bounded object used to configure login flow manager.
- Raises:
GlobusSDKUsageError – if app config is incompatible with the manager.
- Return type:
- run_login_flow(auth_parameters)[source]¶
Run an interactive login flow using a locally hosted server to get tokens for the user.
- Parameters:
auth_parameters (GlobusAuthorizationParameters) –
GlobusAuthorizationParameters
passed through to the authentication flow to control how the user will authenticate.- Raises:
LocalServerEnvironmentalLoginError – If the local server login flow cannot be run due to known failure conditions such as remote sessions or text-only browsers.
LocalServerLoginError – If the local server login flow fails for any reason.
- Return type: