Authentication information and impersonation
Introduction
From any Python code, it is possible to retrieve information about the user or API key currently running this code.
This can be used:
- From code running within a recipe or notebook, for the code to know who is running said code
- From code running with a plugin recipe, for the code to know who is running said code
- From code running outside of DSS, simply to retrieve details of the current API key
Furthermore, the API provides the ability, from a set of HTTP headers, to identify the user represented by these headers. This can be used in the backend of a webapp (either Bokeh or Flask), in order to securely identify which user is currently browsing the webapp.
Code samples
Getting your own login information
auth_info = client.get_auth_info()
# auth_info is a dict which contains at least an "authIdentifier" field, which is the login for a user
print("User running this code is %s" % auth_info["authIdentifier"])
Authenticating calls made from a webapp
Please see Webapps and security
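As an added example (not taken from the DSS documentation or from Dataiku's code), the sketch below shows one way a webapp backend can turn `get_auth_info_from_browser_headers` into a fail-closed group check. `identify_caller`, `Forbidden`, `StubClient` and the session values are hypothetical names and data constructed for illustration; the stub stands in for the real API client so the block runs offline.

```python
class Forbidden(Exception):
    """Raised when the caller cannot be identified or is not allowed."""


def identify_caller(client, headers, allowed_groups):
    """Return the DSS login behind `headers`, or raise Forbidden."""
    try:
        # Identity comes only from DSS resolving the headers; with_secrets
        # stays False because an access check never needs user secrets.
        info = client.get_auth_info_from_browser_headers(
            dict(headers), with_secrets=False)
    except Exception as exc:  # fail closed on any lookup error
        raise Forbidden("could not authenticate request") from exc
    login = info.get("authIdentifier")
    groups = set(info.get("groups") or [])  # may be absent for an API key
    if not login or not groups & set(allowed_groups):
        raise Forbidden("caller is not in an allowed group")
    return login


class StubClient:
    """Constructed stand-in for the API client (assumption, offline only)."""
    SESSIONS = {  # constructed sample data: cookie value -> auth info
        "sess-alice": {"authIdentifier": "alice", "groups": ["analysts", "readers"]},
        "sess-bob": {"authIdentifier": "bob", "groups": ["readers"]},
        "sess-key": {"authIdentifier": "apikey-1"},
    }

    def get_auth_info_from_browser_headers(self, headers_dict, with_secrets=False):
        cookie = headers_dict.get("Cookie", "")
        if cookie not in self.SESSIONS:
            raise ValueError("unknown session")
        return dict(self.SESSIONS[cookie])


def demo():
    """Run the check for each constructed session against group 'analysts'."""
    client = StubClient()
    results = {}
    for cookie in ("sess-alice", "sess-bob", "sess-key", "sess-unknown"):
        try:
            results[cookie] = identify_caller(client, {"Cookie": cookie}, ["analysts"])
        except Forbidden as exc:
            results[cookie] = "denied: %s" % exc
    return results


if __name__ == "__main__":
    print(demo())
```

In a Flask backend, pass the real API client and `request.headers` in place of the stub and the constructed headers.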
Impersonating another user
As a DSS administrator, it can be useful to be able to perform API calls on behalf of another user.
user = client.get_user("the_user_to_impersonate")
client_as_user = user.get_client_as()
# All calls done using `client_as_user` will appear as being performed by `the_user_to_impersonate` and will inherit
# its permissions
Modifying your own user properties
As a user (not an administrator), you can modify some of your own settings:
- User properties
- User secrets (see below)
- Per-user-credentials (see below)
my_user = client.get_own_user()
settings = my_user.get_settings()
settings.user_properties["myprop"] = "myvalue"
settings.save()
Modifying your own user secrets
my_user = client.get_own_user()
settings = my_user.get_settings()
settings.add_secret("secretname", "secretvalue")
settings.save()
Entering a per-user-credential for a connection, for yourself
To do it for other users, see Users and groups
my_user = client.get_own_user()
settings = my_user.get_settings()
settings.set_basic_connection_credential("myconnection", "username", "password")
settings.save()
Entering a per-user-credential for a plugin preset, for yourself
To do it for other users, see Users and groups
my_user = client.get_own_user()
settings = my_user.get_settings()
settings.set_basic_plugin_credential("myplugin", "my_paramset_id", "mypreset_id", "param_name", "username", "password")
settings.save()
Reference documentation
DSSClient.get_auth_info(with_secrets=False)
Returns various information about the user currently authenticated using this instance of the API client.
This method returns a dict that may contain the following keys (may also contain others):
- authIdentifier: login for a user, id for an API key
- groups: list of group names (if context is a user)
- secrets: list of dicts containing user secrets (if context is a user)
Param: with_secrets (boolean): Return user secrets
Returns: a dict
Return type: dict
DSSClient.get_auth_info_from_browser_headers(headers_dict, with_secrets=False)
Returns various information about the DSS user authenticated by the dictionary of HTTP headers provided in headers_dict.
This is generally only used in webapp backends.
This method returns a dict that may contain the following keys (may also contain others):
- authIdentifier: login for a user, id for an API key
- groups: list of group names (if context is a user)
- secrets: list of dicts containing user secrets (if context is a user)
Param: headers_dict (dict): Dictionary of HTTP headers
Param: with_secrets (boolean): Return user secrets
Returns: a dict
Return type: dict