OpenID

Interface

For OpenID automations, it is possible to define a custom function for handling the user logged in event. This function will be called when the user logs in using OpenID.

User Logged In

You can implement your own handle function to handle the “User Logged In” event for OpenID. By default the following function is used:

fair_wizard.automation.openid.handle_openid_user_logged_in(openid_event: OpenIdUserLoggedInEvent) AuthorizedUserResponse | ForbiddenResponse | ErrorResponse[source]

Default handle function for “OpenID User Logged In” event.

Parameters:

openid_event – incoming OpenIdUserLoggedInEvent event

Returns:

resulting UserLoginResponse response

Your handle function must have the same signature, i.e. accept OpenIdUserLoggedInEvent as the argument and return UserLoginResponse.

For example, your function can look like this:

from fair_wizard.automation.openid.model import OpenIdUserLoggedInEvent, UserLoginResponse, ErrorResponse, AuthorizedUserResponse

def handle_openid_user_logged_in(openid_event: OpenIdUserLoggedInEvent) -> UserLoginResponse:
    try:
        email = retrieve_email_from_orcid(openid_event)
    except Exception:
        return ErrorResponse(
            message='Failed to retrieve email from ORCID (cannot log in)',
        )
    return AuthorizedUserResponse(
        first_name=openid_event.id_token.other_claims['given_name'],
        last_name=openid_event.id_token.other_claims['family_name'],
        image_url=None,
        affiliation=None,
        email=email,
        user_group_uuids=[],
    )

Notice that UserLoginResponse is actually just a type alias for union of AuthorizedUserResponse, ErrorResponse, and ForbiddenResponse.

Model

pydantic model fair_wizard.automation.openid.model.IdToken[source]

Model for ID token of OpenID

Show JSON schema
{
   "title": "IdToken",
   "description": "Model for ID token of OpenID",
   "type": "object",
   "properties": {
      "iss": {
         "title": "Iss",
         "type": "string"
      },
      "sub": {
         "title": "Sub",
         "type": "string"
      },
      "aud": {
         "items": {
            "type": "string"
         },
         "title": "Aud",
         "type": "array"
      },
      "exp": {
         "title": "Exp",
         "type": "integer"
      },
      "iat": {
         "title": "Iat",
         "type": "integer"
      },
      "nonce": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Nonce"
      },
      "otherClaims": {
         "default": {},
         "title": "Otherclaims",
         "type": "object"
      }
   },
   "required": [
      "iss",
      "sub",
      "aud",
      "exp",
      "iat"
   ]
}

Fields:
field aud: list[str] [Required]
field exp: int [Required]
field iat: int [Required]
field iss: str [Required]
field nonce: str | None = None
field other_claims: dict = {} (alias 'otherClaims')
field sub: str [Required]
pydantic model fair_wizard.automation.openid.model.OpenIdUserLoggedInEvent[source]

Model for “OpenID User Logged In” event

Show JSON schema
{
   "title": "OpenIdUserLoggedInEvent",
   "description": "Model for \"OpenID User Logged In\" event",
   "type": "object",
   "properties": {
      "accessToken": {
         "title": "Accesstoken",
         "type": "string"
      },
      "tokenType": {
         "title": "Tokentype",
         "type": "string"
      },
      "idToken": {
         "$ref": "#/$defs/IdToken"
      },
      "idTokenJwt": {
         "title": "Idtokenjwt",
         "type": "string"
      },
      "expiresIn": {
         "title": "Expiresin",
         "type": "integer"
      },
      "refreshToken": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Refreshtoken"
      }
   },
   "$defs": {
      "IdToken": {
         "description": "Model for ID token of OpenID",
         "properties": {
            "iss": {
               "title": "Iss",
               "type": "string"
            },
            "sub": {
               "title": "Sub",
               "type": "string"
            },
            "aud": {
               "items": {
                  "type": "string"
               },
               "title": "Aud",
               "type": "array"
            },
            "exp": {
               "title": "Exp",
               "type": "integer"
            },
            "iat": {
               "title": "Iat",
               "type": "integer"
            },
            "nonce": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "title": "Nonce"
            },
            "otherClaims": {
               "default": {},
               "title": "Otherclaims",
               "type": "object"
            }
         },
         "required": [
            "iss",
            "sub",
            "aud",
            "exp",
            "iat"
         ],
         "title": "IdToken",
         "type": "object"
      }
   },
   "required": [
      "accessToken",
      "tokenType",
      "idToken",
      "idTokenJwt",
      "expiresIn"
   ]
}

Fields:
field access_token: str [Required] (alias 'accessToken')
field expires_in: int [Required] (alias 'expiresIn')
field id_token: IdToken [Required] (alias 'idToken')
field id_token_jwt: str [Required] (alias 'idTokenJwt')
field refresh_token: str | None = None (alias 'refreshToken')
field token_type: str [Required] (alias 'tokenType')