JWTTokenAuth Class

Reference

CBS authentication using JWT tokens.

Inheritance: AMQPAuth

JWTTokenAuth

CBSAuthMixin

JWTTokenAuth

Constructor

JWTTokenAuth(audience, uri, get_token, expires_in=datetime.timedelta(seconds=3600), expires_at=None, port=None, timeout=10, retry_policy=<uamqp.authentication.cbs_auth.TokenRetryPolicy object>, verify=None, token_type=b'jwt', http_proxy=None, transport_type=<TransportType.Amqp: 1>, encoding='UTF-8', **kwargs)

Parameters

audience: str or bytes

Required

The token audience field. For JWT tokens this is usually the URI.

uri: str

Required

The AMQP endpoint URI. This must be provided as a decoded string.

get_token: <xref:<xref:callable object>>

Required

The callback function used for getting and refreshing tokens. It should return a valid jwt token each time it is called.

expires_in: timedelta

default value: 1:00:00

The total remaining seconds until the token expires - default for JWT token generated by AAD is 3600s (1 hour).

expires_at: float

default value: None

The timestamp at which the JWT token will expire formatted as seconds since epoch.

port: int

default value: None

The TLS port - default for AMQP is 5671.

timeout: float

default value: 10

The timeout in seconds in which to negotiate the token. The default value is 10 seconds.

retry_policy: TokenRetryPolicy

Required

The retry policy for the PUT token request. The default retry policy has 3 retries.

verify: str

default value: None

The path to a user-defined certificate.

token_type: bytes

default value: b'jwt'

The type field of the token request. Default value is b"jwt".

http_proxy: dict

default value: None

HTTP proxy configuration. This should be a dictionary with the following keys present: 'proxy_hostname' and 'proxy_port'. Additional optional keys are 'username' and 'password'.

transport_type: <xref:uamqp.TransportType>

default value: TransportType.Amqp

The transport protocol type - default is ~uamqp.TransportType.Amqp. ~uamqp.TransportType.AmqpOverWebsocket is applied when http_proxy is set or the transport type is explicitly requested.

encoding: str

default value: UTF-8

The encoding to use if hostname is provided as a str. Default is 'UTF-8'.

refresh_window: int

The time in seconds before the token expiration time to start the process of token refresh. Default value is 10% of the remaining seconds until the token expires.

Methods

create_authenticator	Create the AMQP session and the CBS channel with which to negotiate the token.
update_token	Update a token that is about to expire. This is specific to a particular token type, and therefore must be implemented in a child class.

create_authenticator

Create the AMQP session and the CBS channel with which to negotiate the token.

create_authenticator(connection, debug=False, **kwargs)

Parameters

connection: Connection

Required

The underlying AMQP connection on which to create the session.

debug: bool

default value: False

Whether to emit network trace logging events for the CBS session. Default is False. Logging events are set at INFO level.

Return type

CBSTokenAuth

update_token

Update a token that is about to expire. This is specific to a particular token type, and therefore must be implemented in a child class.

update_token()

JWTTokenAuth Class

Constructor

Parameters

Methods

create_authenticator

Parameters

Return type

update_token

Feedback