pygamlastan.idp¶

IdP-side infrastructure: eduPersonTargetedID generation, the authentication broker, NameID storage coding, and an issued-assertion store.

eduPersonTargetedID¶

class pygamlastan.idp.Eptid(secret: str)¶

Derives stable, per-SP opaque identifiers from a server-side secret. The same user gets a consistent id at one SP but an unlinkable id at another.

get(idp_entity_id: str, sp_entity_id: str, user_id: str) → str¶

name_id(idp_entity_id: str, sp_entity_id: str, user_id: str) → pygamlastan.core.NameId¶

attribute(idp_entity_id: str, sp_entity_id: str, user_id: str) → pygamlastan.core.Attribute¶

Authentication broker¶

class pygamlastan.idp.AuthnBroker¶

Registers authentication methods and selects them by authentication context.

add(class_ref: str, method: str, level: int, authn_authority: str | None = None) → str¶: Register a method; returns its reference id.

get_by_class_ref(class_ref: str) → AuthnMethod | None¶

pick(requested: pygamlastan.core.RequestedAuthnContext | None = None) → list[AuthnMethod]¶: Methods matching a requested context (best first); with None, performs the unspecified-context lookup.

class pygamlastan.idp.AuthnMethod¶: class_ref, method, level (int), authn_authority (str | None), reference.

Assertion store¶

class pygamlastan.idp.InMemoryAssertionStore¶

Retains issued assertions to answer later queries.

store_assertion(assertion: pygamlastan.core.Assertion) → None¶

get_assertion(assertion_id: str) → pygamlastan.core.Assertion | None¶

assertions_for_subject(name_id_value: str) → list[pygamlastan.core.Assertion]¶

remove_assertion(assertion_id: str) → None¶

NameID storage coding¶

pygamlastan.idp.code_name_id(name_id: pygamlastan.core.NameId) → str¶: Serialize a NameID to an opaque storage string.

pygamlastan.idp.decode_name_id(coded: str) → pygamlastan.core.NameId¶: Parse a NameID from its storage string.