Authentication

Authentication module for handling API authentication.

class apilinker.core.auth.ApiKeyAuth(*, type: str = 'api_key', key: str, header_name: str = 'X-API-Key', in_header: bool = True, in_query: bool = False, query_param: str | None = None, **extra_data: Any)[source]

Bases: AuthConfig

API Key authentication configuration.

header_name: str

in_header: bool

in_query: bool

key: str

model_config: ClassVar[ConfigDict] = {'extra': 'allow'}: Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

query_param: str | None

type: str

class apilinker.core.auth.AuthConfig(*, type: str, **extra_data: Any)[source]

Bases: BaseModel

Base authentication configuration.

model_config: ClassVar[ConfigDict] = {'extra': 'allow'}: Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

type: str

class apilinker.core.auth.AuthManager(secure_storage=None)[source]

Bases: object

Manager for handling different types of authentication.

This class creates and manages authentication configurations for different APIs. It supports: - API Key - Bearer Token - Basic Auth - OAuth2 Client Credentials - OAuth2 PKCE (Proof Key for Code Exchange) - OAuth2 Device Flow

It also integrates with the secure credential storage system to safely store sensitive authentication information.

complete_pkce_flow(auth_config: OAuth2PKCE, authorization_code: str) → OAuth2PKCE[source]

Complete the OAuth2 PKCE flow by exchanging the authorization code for tokens.

Parameters:

auth_config – OAuth2 PKCE configuration
authorization_code – Authorization code received from redirect

Returns:

Updated OAuth2PKCE with token information

configure_auth(auth_config: Dict[str, Any]) → AuthConfig[source]

Configure authentication based on provided configuration.

Parameters:: auth_config – Authentication configuration dictionary
Returns:: AuthConfig instance for the specified authentication type

get_pkce_authorization_url(auth_config: OAuth2PKCE) → str[source]

Get the authorization URL for OAuth2 PKCE flow.

Parameters:: auth_config – OAuth2 PKCE configuration
Returns:: Authorization URL for the user to visit

poll_device_flow(auth_config: OAuth2DeviceFlow) → Tuple[bool, OAuth2DeviceFlow | None][source]

Poll for device flow completion and token retrieval.

Parameters:: auth_config – OAuth2 Device Flow configuration with device code
Returns:: Tuple of (completed, updated_config) - completed: True if the flow is complete, False if still pending - updated_config: Updated OAuth2DeviceFlow with token information if completed

refresh_oauth2_token(auth_config: OAuth2ClientCredentials) → OAuth2ClientCredentials[source]

Refresh an OAuth2 token using client credentials flow.

Parameters:: auth_config – OAuth2 client credentials configuration
Returns:: Updated OAuth2ClientCredentials with new token and expiry

refresh_pkce_token(auth_config: OAuth2PKCE) → OAuth2PKCE[source]

Refresh an OAuth2 token obtained via PKCE flow.

Parameters:: auth_config – OAuth2 PKCE configuration with refresh token
Returns:: Updated OAuth2PKCE with new token information

start_device_flow(auth_config: OAuth2DeviceFlow) → OAuth2DeviceFlow[source]

Start the OAuth2 device flow authentication process.

Parameters:: auth_config – OAuth2 Device Flow configuration
Returns:: Updated OAuth2DeviceFlow with device code information

class apilinker.core.auth.BasicAuth(*, type: str = 'basic', username: str, password: str, **extra_data: Any)[source]

Bases: AuthConfig

Basic authentication configuration.

model_config: ClassVar[ConfigDict] = {'extra': 'allow'}: Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

password: str

type: str

username: str

class apilinker.core.auth.BearerAuth(*, type: str = 'bearer', token: str, **extra_data: Any)[source]

Bases: AuthConfig

Bearer token authentication configuration.

model_config: ClassVar[ConfigDict] = {'extra': 'allow'}: Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

token: str

type: str

class apilinker.core.auth.OAuth2ClientCredentials(*, type: str = 'oauth2_client_credentials', client_id: str, client_secret: str, token_url: str, scope: str | None = None, token: str | None = None, expires_at: int | None = None, **extra_data: Any)[source]

Bases: AuthConfig

OAuth2 client credentials authentication configuration.

client_id: str

client_secret: str

expires_at: int | None

model_config: ClassVar[ConfigDict] = {'extra': 'allow'}: Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

scope: str | None

token: str | None

token_url: str

type: str

class apilinker.core.auth.OAuth2DeviceFlow(*, type: str = 'oauth2_device_flow', client_id: str, client_secret: str | None = None, device_authorization_url: str, token_url: str, scope: str | None = None, device_code: str | None = None, user_code: str | None = None, verification_uri: str | None = None, verification_uri_complete: str | None = None, token: str | None = None, refresh_token: str | None = None, expires_at: int | None = None, interval: int | None = None, storage_key: str | None = None, **extra_data: Any)[source]

Bases: AuthConfig

OAuth2 Device Flow authentication configuration.

This flow is designed for devices with limited input capabilities, such as TVs, IoT devices, and CLI applications.

client_id: str

client_secret: str | None

device_authorization_url: str

device_code: str | None

expires_at: int | None

interval: int | None

model_config: ClassVar[ConfigDict] = {'extra': 'allow'}: Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

refresh_token: str | None

scope: str | None

storage_key: str | None

token: str | None

token_url: str

type: str

user_code: str | None

verification_uri: str | None

verification_uri_complete: str | None

class apilinker.core.auth.OAuth2PKCE(*, type: str = 'oauth2_pkce', client_id: str, redirect_uri: str, authorization_url: str, token_url: str, scope: str | None = None, code_verifier: str | None = None, code_challenge: str | None = None, authorization_code: str | None = None, state: str | None = None, token: str | None = None, refresh_token: str | None = None, expires_at: int | None = None, storage_key: str | None = None, **extra_data: Any)[source]

Bases: AuthConfig

OAuth2 PKCE (Proof Key for Code Exchange) authentication configuration.

This flow is designed for public clients that cannot securely store a client secret, such as single-page applications and mobile apps.

authorization_code: str | None

authorization_url: str

client_id: str

code_challenge: str | None

code_verifier: str | None

expires_at: int | None

model_config: ClassVar[ConfigDict] = {'extra': 'allow'}: Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

redirect_uri: str

refresh_token: str | None

scope: str | None

state: str | None

storage_key: str | None

token: str | None

token_url: str

type: str