Globus App¶
This page provides reference documentation for GlobusApp
and associated classes.
For a narrative-style introduction to the concepts contained within GlobusApp, see
Using a GlobusApp.
- class globus_sdk.experimental.globus_app.GlobusApp(app_name='Unnamed Globus App', *, login_client=None, client_id=None, client_secret=None, scope_requirements=None, config=GlobusAppConfig(login_flow_manager=None, login_redirect_uri=None, token_storage='json', request_refresh_tokens=False, token_validation_error_handler=<function resolve_by_login_flow>, environment='production'))[source]¶
GlobusApp
is an abstract base class providing an interface for simplifying authentication with Globus services.A
GlobusApp
manages scope requirements across multiple resource servers, runs login flows through itsLoginFlowManager
, handles token storage and validation through itsValidatingTokenStorage
, and provides up-to-date authorizers from itsAuthorizerFactory
throughget_authorizer
.A
GlobusApp
is accepted as an initialization parameter to any SDK-provided service client, automatically handling the client’s default scope requirements and providing the client with an authorizer.- Parameters:
app_name (str) – A string to identify this app. Used for default tokenstorage location and in the future will be used to set user-agent when this app is attached to a service client
login_client (AuthLoginClient | None) – An
AuthLoginCLient
that will be used for running authentication flows. Different classes ofGlobusApp
may require specific classes ofAuthLoginClient
.Mutually exclusive with ``client_id
andclient_secret
.client_id (UUIDLike | None) – A client UUID used to construct an
AuthLoginCLient
for running authentication flows. The type ofAuthLoginCLient
will depend on the type ofGlobusApp
. Mutually exclusive withlogin_client
.client_secret (str | None) – The value of the client secret for
client_id
if it uses secrets. Mutually exclusive withlogin_client
.scope_requirements (t.Mapping[str, ScopeCollectionType] | None) – A dictionary of scope requirements indexed by resource server. The dict value may be a scope, scope string, or list of scopes or scope strings.
config (GlobusAppConfig) – A
GlobusAppConfig
used to control various behaviors of this app.
- Variables:
token_storage – The
ValidatingTokenStorage
containing tokens for the app. Authorization mediated by the app will use this object, so modifying this will impact clients which are defined to use the app whenever they fetch tokens.
- add_scope_requirements(scope_requirements)[source]¶
Add given scope requirements to the app’s scope requirements. Any duplicate requirements will be deduplicated later at authorization url creation time.
- Parameters:
scope_requirements (t.Mapping[str, ScopeCollectionType]) – a dict of Scopes indexed by resource server that will be added to this app’s scope requirements
- get_authorizer(resource_server, *, skip_error_handling=False)[source]¶
Get a
GlobusAuthorizer
from the app’s authorizer factory for a specified resource server. The type of authorizer is dependent on the app.- Parameters:
- Return type:
- login(*, auth_params=None, force=False)[source]¶
Log an auth entity into the app, if needed, storing the resulting tokens.
- A login flow will be performed if any of the following are true:
The kwarg
auth_params
is provided.The kwarg
force
is set to True.The method
self.login_required()
evaluates to True.
- Parameters:
auth_params (GlobusAuthorizationParameters | None) – An optional set of authorization parameters to establish requirements and controls for the login flow.
force (bool) – If True, perform a login flow even if one does not appear to be necessary.
- login_required()[source]¶
Determine if a login flow will be required to interact with resource servers under the current scope requirements.
- This will return false if any of the following are true:
Access tokens have never been issued.
Access tokens have been issued but have insufficient scopes.
Access tokens have expired and wouldn’t be resolved with refresh tokens.
- Returns:
True if a login flow appears to be required, False otherwise.
- Return type:
- class globus_sdk.experimental.globus_app.UserApp(app_name='Unnamed Globus App', *, login_client=None, client_id=None, client_secret=None, scope_requirements=None, config=GlobusAppConfig(login_flow_manager=None, login_redirect_uri=None, token_storage='json', request_refresh_tokens=False, token_validation_error_handler=<function resolve_by_login_flow>, environment='production'))[source]¶
A
GlobusApp
for login methods that require an interactive flow with a user.UserApp
s are most commonly used with native application clients by passing aNativeAppAuthClient
aslogin_client
or the native application’sclient_id
.If using a templated client, either pass a
ConfidentialAppAuthClient
as login_client` or the templated client’sclient_id
andclient_secret
. This will not work for standard confidential clients.By default a
UserApp
will create aCommandLineLoginFlowManager
for running login flows, which can be overridden throughconfig
.app = UserApp("myapp", client_id=NATIVE_APP_CLIENT_ID) client = TransferClient(app=app) res = client.endpoint_search("Tutorial Collection")
- class globus_sdk.experimental.globus_app.ClientApp(app_name='Unnamed Globus App', *, login_client=None, client_id=None, client_secret=None, scope_requirements=None, config=GlobusAppConfig(login_flow_manager=None, login_redirect_uri=None, token_storage='json', request_refresh_tokens=False, token_validation_error_handler=<function resolve_by_login_flow>, environment='production'))[source]¶
A
GlobusApp
using client credentials - useful for service accounts and automation use cases.ClientApp
s are always used with confidential clients either by passing aConfidentialAppAuthClient
aslogin_client
or providing the client’sclient_id
andclient_secret
pair.ClientApp
s do not use aLoginFlowManager
and will raise an error if given one throughconfig
.app = ClientApp("myapp", CLIENT_ID, CLIENT_SECRET) client = TransferClient(app=app) res = client.endpoint_search("Tutorial Collection")