pylithiumsso3
Python implementation of lithium_sso.php. License information provided by Khoros, LLC:
LICENSE FILE DISCLOSURE STATEMENT
=============================================
This LICENSE.TXT file sets forth the general licensing terms and references for the
SSOClient Java software provided by Khoros, LLC. Your use of the software components
provided herewith (the “Software”) is subject to the terms set forth herein and any
associated license that you have entered into with Khoros. Except as may be granted
by separate express written agreement, this file provides no license to any Lithium
patents, trademarks, copyrights, or other intellectual property.
=======================================
Khoros, LLC Copyright Notice
=======================================
SSOClient.java
Copyright (c) 2022 Khoros, LLC, Austin, Texas, U.S.A. All Rights Reserved
The Software is the confidential and proprietary information of Khoros, LLC
(“Confidential Information”). You shall not disclose such Confidential Information
and shall use it only in accordance with the terms of the license agreement you
entered into with Lithium.
Example Usage:
# Secret SSO key (128-bit or 256-bit) provided by Lithium
sso_key = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
# (Optional) Secret PrivacyGuard key (128-bit or 256-bit) *NOT* to be shared with Lithium
pg_key = ""
# Initialize Lithium SSO Client
from pylithiumsso3.lithium_sso import LithiumSSO
lithium = LithiumSSO("example", ".example.com", sso_key)
# (Optional) Additional user profile settings to pass to Lithium
settings = {}
# Example: Set the user's homepage URL
settings["profile.url_homepage"] = "http://myhomepage.example.com"
# Example: Grant the user the Moderator role
settings["roles.grant"] = "Moderator"
# Create the authentication token
req_user_agent = "Mozilla/5.0"
req_referer = "example.com"
req_remote_addr = "10.11.12.13"
li_token = lithium.get_auth_token_value(
    "1000", "myscreenname", "myemail@example.com", settings,
    req_user_agent, req_referer, req_remote_addr
)
# The token can either be passed directly through HTTP GET/POST, or through cookies.
# If PrivacyGuard is enabled, you must initialize the PrivacyGuard key, and call the
# encryption function for each token which requires PG encryption. Example:
lithium.init_smr(pg_key)
pg_enc_parameter = lithium.get_smr_field("myemail@example.com")
li_token = lithium.get_auth_token_value("1000", "myscreenname", pg_enc_parameter, settings)
- class pylithiumsso3.lithium_sso.LithiumSSO(client_id: str, client_domain: str, sso_hex_key: str, server_id: str = '')
- Variables
client_id – The client or community id to create an SSO token for
client_domain – The domain name for this token, used when transporting via cookies (e.g., “.lithium.com”)
server_id – The server ID
sso_key – The 128-bit or 256-bit secret key bytes
pg_key – The 128-bit or 256-bit PrivacyGuard key bytes
tsid – The timestamp ID
- Parameters
client_id – The client or community id to create an SSO token for
client_domain – The domain name for this token, used when transporting via cookies (e.g., “.lithium.com”)
sso_hex_key – The 128-bit or 256-bit secret key, represented in hexadecimal
server_id – The server id
- Raises
ValueError if invalid client ID, client domain, or SSO key
- decode_auth_token_value(value: str) -> Dict[str, Any]
Returns decoded and parsed Lithium authentication token
- Parameters
value – Lithium authentication token to decode
- Returns
Dictionary containing the following:
"version" - Lithium token version
"server_id" - The server ID
"tsid" - The timestamp ID
"timestamp" - The timestamp of the request
"req_user_agent" - User agent from request
"req_referer" - Referrer from request
"req_remote_addr" - Remote address from request
"client_domain" - The domain name for this token, used when transporting via cookies (e.g., “.lithium.com”)
"client_id" - The client or community id to create an SSO token for
"unique_id" - A non-changeable id used to uniquely identify this user globally
"login" - The login name or screen name for this user
"email" - The email address for this user
"settings" - Profile settings where the key is the setting name and the value is the setting value
- Raises
ValueError if decoded value of Lithium authentication token is invalid
- decode_smr_field(value: str) -> str
PrivacyGuard parameter decrypt
- Parameters
value – the string to return a PrivacyGuard decrypted token for
- Returns
the PrivacyGuard decrypted value of string or “” if no key set
- get_auth_token_value(unique_id: str, login: str, email: str, settings: Optional[dict] = None, req_user_agent: str = '', req_referer: str = '', req_remote_addr: str = '') -> str
Returns a Lithium authentication token for the given user parameters
- Parameters
unique_id – A non-changeable id used to uniquely identify this user globally. This should be a non-reusable integer or other identifier. Email addresses can be used, but are not recommended as this value cannot be changed.
login – The login name or screen name for this user. This is usually a publicly visible field, so should not contain personally identifiable information.
email – The email address for this user.
settings –
Profile settings where the key is the setting name and the value is the setting value. Examples of settings include:
roles.grant = Moderator (grants the Moderator role to user)
profile.name_first = John (sets first name to John)
Contact Lithium for a list of valid settings.
req_user_agent – User agent from request. Used for security identification information.
req_referer – Referrer from request. Used for security identification information.
req_remote_addr – Remote address from request. Used for security identification information.
- Returns
the encrypted authentication token
- Raises
ValueError if invalid unique ID, login, or email
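Because the settings dictionary can carry role grants such as roles.grant, it should be assembled from server-side data, never copied from request input, before it is passed to get_auth_token_value. The following is an added example, not part of pylithiumsso3 or the Khoros code; the function name, the allowlist, the ROLE_MAP mapping and the length limit are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Setting names taken from this page; the allowlist policy is an assumption.
PROFILE_KEYS = {"profile.name_first", "profile.url_homepage"}
# Hypothetical mapping from the application's own roles to community roles.
ROLE_MAP = {"staff_moderator": "Moderator"}


def build_sso_settings(profile_input, server_roles):
    """Build the settings dict to pass to get_auth_token_value().

    profile_input: user-editable profile fields (untrusted).
    server_roles:  roles read from the application's authorization store.
    """
    settings = {}
    for key, value in profile_input.items():
        if key not in PROFILE_KEYS:
            # Drops roles.grant and any other key a user must not control.
            continue
        value = str(value).strip()
        # Reject empty, oversized or control-character values.
        if not value or len(value) > 200 or any(ord(c) < 32 for c in value):
            continue
        if key == "profile.url_homepage":
            parts = urlsplit(value)
            if parts.scheme not in ("http", "https") or not parts.netloc:
                continue
        settings[key] = value
    granted = [ROLE_MAP[r] for r in server_roles if r in ROLE_MAP]
    if granted:
        # Assumption: one role name per roles.grant value, as shown on this page.
        settings["roles.grant"] = granted[0]
    return settings


# Constructed sample input: a profile form that also tries to set a role.
FORM = {
    "profile.name_first": "John",
    "profile.url_homepage": "javascript:void(0)",
    "roles.grant": "Moderator",
}

if __name__ == "__main__":
    print(build_sso_settings(FORM, []))                   # role and bad URL dropped
    print(build_sso_settings(FORM, ["staff_moderator"]))  # role granted server-side
```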