def clear_session(self, id):
"""Terminate a session
:param id: the target session id
:rtype: Session
"""
ApiClient.delete_path(self, '/{0}'.format(id))
def get_paged_users(self, limit=None, filter_string=None, after=None, url=None):
"""Get a paged list of Users
:param limit: maximum number of users to return
:type limit: int or None
:param filter_string: string to filter users
:type filter_string: str or None
:param after: user id that filtering will resume after
:type after: str
:param url: url that returns a list of User
:type url: str
:rtype: PagedResults of User
"""
if url:
response = ApiClient.get(self, url)
else:
params = {
'limit': limit,
'after': after,
'filter': filter_string
}
response = ApiClient.get_path(self, '/', params=params)
return PagedResults(response, User)
def get_paged_events(self, limit=None, start_date=None, after=None, filter_string=None, url=None):
"""Get a paged list of Events
:param limit: maximum number of events to return
:type limit: int or None
:param filter_string: string to filter events
:type filter_string: str or None
:param after: event id that filtering will resume after
:type after: str or None
:param url: url that returns a list of Event
:type url: str or None
:rtype: PagedResults of Event
"""
if url:
response = ApiClient.get(self, url)
else:
params = {
'limit': limit,
'startDate': start_date,
'after': after,
'filter': filter_string
}
response = ApiClient.get_path(self, '/', params=params)
return PagedResults(response, Event)
def deactivate_app_instance(self, id):
"""Deactivate app by target id
:param id: the target app id
:type id: str
:return: None
"""
ApiClient.post_path(self, '/{0}/lifecycle/deactivate'.format(id), None)
def delete_app_instance(self, id):
"""Delete app by target id
:param id: the target app id
:type id: str
:return: None
"""
ApiClient.delete_path(self, '/{0}'.format(id))
def reset_factor(self, user_id, user_factor_id):
"""Reset an enrolled factor
:param user_id: target user id
:type user_id: str
:param user_factor_id: target factor id
:type user_factor_id: str
:rtype: None
"""
ApiClient.delete_path(self, '/{0}/factors/{1}'.format(user_id, user_factor_id))
def verify_factor(self, user_id, user_factor_id, activation_token=None, answer=None, passcode=None, next_passcode=None):
"""Verify an enrolled factor
:param user_id: target user id
:type user_id: str
:param user_factor_id: target factor id
:type user_factor_id: str
:param activation_token: token required for activation
:type activation_token: str
:param answer: answer usually required for a question factor
:type answer: str
:param passcode: code required for verification
:type passcode: str
:param next_passcode: code usually required for TOTP
:type next_passcode: str
:return:
"""
request = {
'activationToken': activation_token,
'answer': answer,
'passCode': passcode,
'nextPassCode': next_passcode
}
response = ApiClient.post_path(self, '/{0}/factors/{1}/verify'.format(user_id, user_factor_id), request)
return Utils.deserialize(response.text, FactorVerificationResponse)
def authenticate(self, username, password,
relay_state=None, response_type=None, force_mfa=None, context=None):
"""Begin the authentication process with a username and password
:param username: user's username
:type username: str
:param password: user's password
:type password: str
:param relay_state: data that will persist for the lifetime of the authentication or recovery token
:type relay_state: str or None
:param response_type: the type of session to return (session_token or session_token_url usually)
:type response_type: str
:param force_mfa: whether to force mfa even if the auth is exempt
:type force_mfa: bool
:param context: contextual info about the auth request like ip and location
:type context: Context
:rtype: AuthResult
"""
request = {
'username': username,
'password': password,
'relayState': relay_state,
'context': context
}
params = {
'force_mfa': force_mfa,
'response_type': response_type
}
response = ApiClient.post_path(self, '/', request, params=params)
return Utils.deserialize(response.text, AuthResult)
def auth_with_factor(self, state_token, factor_id, passcode,
relay_state=None, remember_device=None):
"""Continue authentication with an MFA attempt
:param state_token: current state token from the previous AuthResult
:type state_token: str
:param factor_id: target factor id
:type factor_id: str
:param passcode: passcode required for authenticating the factor
:type passcode: str
:param relay_state: data that will persist for the lifetime of the authentication or recovery token
:type relay_state: str or None
:param remember_device: whether to remember this device to avoid requiring MFA next time
:type remember_device: bool
:rtype: AuthResult
"""
request = {
'stateToken': state_token,
'passCode': passcode,
'relayState': relay_state
}
params = {
'rememberDevice': remember_device
}
response = ApiClient.post_path(self, '/factors/{0}/verify'.format(factor_id),
request, params=params)
return Utils.deserialize(response.text, AuthResult)
def enroll_factor(self, state_token, factor_type, provider, profile, relay_state=None):
"""Enroll in an MFA factor during the auth flow. Usually only encountered if MFA is required for authentication
:param state_token: current state token from the previous AuthResult
:type state_token: str
:param factor_type: type of factor (sms, token, question, token:software:totp, token:hardware etc)
:type factor_type: str
:param provider: factor provider (OKTA, RSA, SYMANTEC, GOOGLE etc)
:type provider: str
:param profile: factor profile that depends on the factor type
:type profile: FactorProfile
:param relay_state: data that will persist for the lifetime of the authentication or recovery token
:type relay_state: str or None
:rtype: AuthResult
"""
request = {
'stateToken': state_token,
'factorType': factor_type,
'provider': provider,
'profile': profile,
'relayState': relay_state
}
response = ApiClient.post_path(self, '/factors', request)
return Utils.deserialize(response.text, AuthResult)
def extend_session(self, id):
"""Extend a session's lifespan
:param id: the target session id
:rtype: Session
"""
response = ApiClient.put_path(self, '/{0}'.format(id), None)
return Utils.deserialize(response.text, Session)
def expire_password(self, uid, temp_password=False):
"""Expire user's password by target user id
:param uid: the target user id
:type uid: str
:param temp_password: whether a temporary password should be set
:type temp_password: bool
:return: None or TempPassword
"""
if not temp_password:
response = ApiClient.post_path(self, '/{0}/lifecycle/expire_password'.format(uid))
else:
params = {
'tempPassword': temp_password
}
response = ApiClient.post_path(self, '/{0}/lifecycle/expire_password'.format(uid), params=params)
return Utils.deserialize(response.text, TempPassword)
def create_user(self, user, activate=None):
"""Create a user
:param user: the data to create a user
:type user: User
:param activate: whether to activate the user
:type activate: bool
:rtype: User
"""
if activate is None:
response = ApiClient.post_path(self, '/', user)
else:
params = {
'activate': activate
}
response = ApiClient.post_path(self, '/', user, params=params)
return Utils.deserialize(response.text, User)
def validate_session(self, id):
"""Validate a session
:param id: the target session id
:rtype: Session
"""
response = ApiClient.get_path(self, '/{0}'.format(id))
return Utils.deserialize(response.text, Session)
def get_app_instance(self, id):
"""Get a single app
:param id: the app id
:type id: str
:rtype: AppInstance
"""
response = ApiClient.get_path(self, '/{0}'.format(id))
return Utils.deserialize(response.text, AppInstance)
def unlock_user(self, uid):
"""Unlock user by target id
:param uid: the target user id
:type uid: str
:return: User
"""
response = ApiClient.post_path(self, '/{0}/lifecycle/unlock'.format(uid))
return Utils.deserialize(response.text, User)
def delete_group(self, gid):
"""Delete group by target id
:param gid: the target group id
:type gid: str
:return: None
"""
response = ApiClient.delete_path(self, '/{0}'.format(gid))
return Utils.deserialize(response.text, UserGroup)
def get_group_users(self, gid):
"""Get the users of a group
:param gid: the group id
:type gid: str
:rtype: User
"""
response = ApiClient.get_path(self, '/{0}/users'.format(gid))
return Utils.deserialize(response.text, User)
def get_user(self, uid):
"""Get a single user
:param uid: the user id or login
:type uid: str
:rtype: User
"""
response = ApiClient.get_path(self, '/{0}'.format(uid))
return Utils.deserialize(response.text, User)
def get_lifecycle_factors(self, user_id):
"""Get enrolled factors for a user
:param user_id: target user id
:type user_id: str
:rtype: list of Factor
"""
response = ApiClient.get_path(self, '/{0}/factors'.format(user_id))
return Utils.deserialize(response.text, Factor)
def deactivate_org_factor(self, org_factor_id):
"""Deactivate OrgAuthFactor
:param org_factor_id: target factor id
:type org_factor_id: str
:rtype: OrgAuthFactor
"""
response = ApiClient.post_path(self, '/factors/{0}/lifecycle/deactivate'.format(org_factor_id))
return Utils.deserialize(response.text, OrgAuthFactor)
def get_user_applinks(self, uid):
"""Get applinks of a single user
:param uid: the user id or login
:type uid: str
:rtype: AppLinks
"""
response = ApiClient.get_path(self, '/{0}/appLinks'.format(uid))
return Utils.deserialize(response.text, AppLinks)
def delete_user(self, uid):
"""Delete user by target id
:param uid: the target user id
:type uid: str
:return: None
"""
response = ApiClient.delete_path(self, '/{0}'.format(uid))
return Utils.deserialize(response.text, User)
def create_group(self, group):
"""Create a group
:param group: the data to create a group
:type group: UserGroup
:rtype: UserGroup
"""
response = ApiClient.post_path(self, '/', group)
return Utils.deserialize(response.text, UserGroup)
def get_group(self, gid):
"""Get a single group
:param gid: the group id
:type gid: str
:rtype: UserGroup
"""
response = ApiClient.get_path(self, '/{0}'.format(gid))
return Utils.deserialize(response.text, UserGroup)
def get_factors_catalog(self, user_id):
"""Get available factors for a user
:param user_id: target user id
:type user_id: str
:rtype: list of FactorCatalogEntry
"""
response = ApiClient.get_path(self, '/{0}/factors/catalog'.format(user_id))
return Utils.deserialize(response.text, FactorCatalogEntry)
def get_available_questions(self, user_id):
"""Get available factor questions
:param user_id: target user id
:type user_id: str
:rtype: list of Question
"""
response = ApiClient.get_path(self, '/{0}/factors/questions'.format(user_id))
return Utils.deserialize(response.text, Question)
def create_app_instance(self, app_instance):
"""Create a app instance
:param app_instance: the data to create a user
:type app_instance: AppInstance
:rtype: AppInstance
"""
response = ApiClient.post_path(self, '/', app_instance)
return Utils.deserialize(response.text, AppInstance)
def reset_factors(self, uid):
"""Reset all user factors by target id
:param uid: the target user id
:type uid: str
:return: None
"""
response = ApiClient.post_path(self, '/{0}/lifecycle/reset_factors'.format(uid))
return Utils.deserialize(response.text, User)
def deactivate_user(self, uid):
"""Deactivate user by target id
:param uid: the target user id
:type uid: str
:return: User
"""
response = ApiClient.post_path(self, '/{0}/lifecycle/deactivate'.format(uid))
return Utils.deserialize(response.text, User)
def get_status(self, state_token, relay_state=None):
"""Get the status of an in-progress authentication
:param state_token: current state token from the previous AuthResult
:type state_token: str
:param relay_state: data that will persist for the lifetime of the authentication or recovery token
:type relay_state: str or None
:rtype: AuthResult
"""
request = {'stateToken': state_token, 'relayState': relay_state}
response = ApiClient.post_path(self, '/', request)
return Utils.deserialize(response.text, AuthResult)
def forgot_password(self, username, relay_state=None):
"""Initiate a forgot password flow for a user
:param username: user's username
:type username: str
:param relay_state: data that will persist for the lifetime of the authentication or recovery token
:type relay_state: str or None
:rtype: AuthResult
"""
request = {'username': username, 'relayState': relay_state}
response = ApiClient.post_path(self, '/recovery/password', request)
return Utils.deserialize(response.text, AuthResult)
def validate_recovery_token(self, recovery_token, relay_state=None):
"""Validate a token for recovery
:param recovery_token: token distributed to end-user via out-of-band mechanism such as email
:type recovery_token: str
:param relay_state: data that will persist for the lifetime of the authentication or recovery token
:type relay_state: str or None
:rtype: AuthResult
"""
request = {'recoveryToken': recovery_token, 'relayState': relay_state}
response = ApiClient.post_path(self, '/recovery/token', request)
return Utils.deserialize(response.text, AuthResult)
def reset_password(self, uid, send_email=True):
"""Reset user's password by target user id
:param uid: the target user id
:type uid: str
:param send_email: whether a password reset email should be sent
:type send_email: bool
:return: None or ResetPasswordToken
"""
params = {'sendEmail': send_email}
response = ApiClient.post_path(
self, '/{0}/lifecycle/reset_password'.format(uid), params=params)
return Utils.deserialize(response.text, ResetPasswordToken)
def get_paged_group_members(self, gid, url=None, limit=None, after=None):
"""Get a paged list of users from a group
:param gid: the group id
:type gid: str
:param limit: maximum number of users to return
:type limit: int or None
:param after: user id that filtering will resume after
:type after: str
:param url: url that returns a list of User
:type url: str
:rtype: PagedResults of User
"""
if url:
response = ApiClient.get(self, url)
else:
params = {'limit': limit, 'after': after}
response = ApiClient.get_path(self,
'/{0}/users'.format(gid),
params=params)
return PagedResults(response, User)
def get_paged_groups(self, limit=None, after=None, url=None):
"""Get a paged list of UserGroups
:param limit: maximum number of groups to return
:type limit: int or None
:param after: group id that filtering will resume after
:type after: str
:param url: url that returns a list of UserGroup
:type url: str
:rtype: PagedResults of UserGroup
"""
if url:
response = ApiClient.get(self, url)
else:
params = {
'limit': limit,
'after': after
}
response = ApiClient.get_path(self, '/', params=params)
return PagedResults(response, UserGroup)
def unlock_account(self, username, relay_state=None):
"""Begin unlocking an account
:param username: user's username
:type username: str
:param relay_state: data that will persist for the lifetime of the authentication or recovery token
:type relay_state: str or None
:rtype: AuthResult
"""
request = {'username': username, 'relayState': relay_state}
response = ApiClient.post_path(self, '/recovery/unlock', request)
return Utils.deserialize(response.text, AuthResult)
def update_factor_device(self, user_id, factor_device_request):
"""Update a factor device for a user
:param user_id: target user id
:type user_id: str
:param factor_device_request: data to update the factor device
:type factor_device_request: FactorDeviceRequest
:rtype: FactorDevice
"""
response = ApiClient.post_path(self,
'/{0}/factors/{1}'.format(user_id),
factor_device_request)
return Utils.deserialize(response.text, FactorDevice)
def update_factor(self, user_id, user_factor_id, factor_enroll_request):
"""Update an enrolled factor
:param user_id: target user id
:type user_id: str
:param user_factor_id: target factor id
:type user_factor_id: str
:param factor_enroll_request: data to update the factor
:type factor_enroll_request: FactorEnrollRequest
:rtype: Factor
"""
response = ApiClient.put_path(
self, '/{0}/factors/{1}'.format(user_id, user_factor_id), factor_enroll_request)
return Utils.deserialize(response.text, Factor)
def get_factor_device(self, user_id, user_factor_id, device_id):
"""Get a factor device for a user
:param user_id: target user id
:type user_id: str
:param user_factor_id: target factor id
:type user_factor_id: str
:param device_id: target factor device id
:type device_id: str
:rtype: FactorDevice
"""
response = ApiClient.get_path(
self, '/{0}/factors/{1}/device/{2}'.format(user_id, user_factor_id, device_id))
return Utils.deserialize(response.text, FactorDevice)
def assign_user_by_id_to_app_for_SSO(self, aid, uid):
"""Assigns a user to an application for SSO
:param aid: the target app id
:type aid: str
:param uid: the target user id
:type uid: str
:rtype: AppUser
"""
params = {
'id': uid,
}
response = ApiClient.post_path(self, '/{0}/users'.format(aid), params)
return Utils.deserialize(response.text, AppUser)
def delete_user_sessions(self, uid, delete_tokens=False):
"""Removes all active identity provider sessions.
This forces the user to authenticate on the next operation.
Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.
Note: This operation doesn't clear the sessions created for web sign in or native applications.
:param uid: the target user id
:type uid: str
:param delete_tokens: whether to revoke OIDC and OAuth refresh and access tokens. Default: false
:type delete_tokens: bool
:return: None
"""
if not delete_tokens:
response = ApiClient.delete_path(self, '/{0}/sessions'.format(uid))
else:
params = {'oauthTokens': delete_tokens}
response = ApiClient.delete_path(self,
'/{0}/sessions'.format(uid),
params=params)
return Utils.deserialize(response.text, DeleteSessionsRequest)
def _get_group_roles(api_client: ApiClient, group_id: str,
okta_org_id: str) -> str:
"""
Get user roles from Okta
:param api_client: api client
:param group_id: user to fetch roles from
:param okta_org_id: okta organization id
:return: group roles data
"""
# https://developer.okta.com/docs/reference/api/roles/#list-roles-assigned-to-group
response = api_client.get_path(f'/{group_id}/roles')
return response.text
def get_groups(self, limit=None, filter_string=None, query=None):
"""Get a list of UserGroups
:param limit: maximum number of groups to return
:type limit: int or None
:param filter_string: Filter expression for groups
:type filter_string: str or None
:param query: string to search group names
:type query: str or None
:rtype: list of UserGroup
"""
params = {'limit': limit, 'filter': filter_string, 'q': query}
response = ApiClient.get_path(self, '/', params=params)
return Utils.deserialize(response.text, UserGroup)
def get_users(self, limit=None, query=None, filter_string=None):
"""Get a list of Users
:param limit: maximum number of users to return
:type limit: int or None
:param query: string to search users' first names, last names, and emails
:type query: str or None
:param filter_string: string to filter users
:type filter_string: str or None
:rtype: list of User
"""
params = {'limit': limit, 'q': query, 'filter': filter_string}
response = ApiClient.get_path(self, '/', params=params)
return Utils.deserialize(response.text, User)
def get_paged_users(self,
limit=None,
filter_string=None,
after=None,
url=None):
"""Get a paged list of Users
:param limit: maximum number of users to return
:type limit: int or None
:param filter_string: string to filter users
:type filter_string: str or None
:param after: user id that filtering will resume after
:type after: str
:param url: url that returns a list of User
:type url: str
:rtype: PagedResults of User
"""
if url:
response = ApiClient.get(self, url)
else:
params = {'limit': limit, 'after': after, 'filter': filter_string}
response = ApiClient.get_path(self, '/', params=params)
return PagedResults(response, User)
def get_paged_group_targets_for_user_admin(self, uid, rid, url=None, limit=None):
"""Get a paged list of group targets for an USER_ADMIN role assignment
:param uid: the user id
:type uid: str
:param rid: the USER_ADMIN role id
:type rid: str
:param url: url that returns a list of group targets
:type url: str
:param limit: maximum number of Group to return
:type limit: int or None
:rtype: Array of UserGroup
"""
if url:
response = ApiClient.get(self, url)
else:
params = {
'limit': limit
}
url_path = '/{0}/roles/{1}/targets/groups'.format(uid, rid)
response = ApiClient.get_path(self, url_path, params=params)
return PagedResults(response, UserGroup)
def _get_application_assigned_users(api_client: ApiClient,
app_id: str) -> List[str]:
"""
Get users assigned to a specific application
:param api_client: api client
:param app_id: application id to get users from
:return: Array of user data
"""
app_users: List[str] = []
next_url = None
while True:
try:
# https://developer.okta.com/docs/reference/api/apps/#list-users-assigned-to-application
if next_url:
paged_response = api_client.get(next_url)
else:
params = {
'limit': 500,
}
paged_response = api_client.get_path(f'/{app_id}/users',
params)
except OktaError as okta_error:
logger.debug(
f"Got error while going through list application assigned users {okta_error}"
)
break
app_users.append(paged_response.text)
if not is_last_page(paged_response):
next_url = paged_response.links.get("next").get("url")
else:
break
return app_users
def create_api_client(okta_org, path_name, api_key):
"""
Create Okta ApiClient
:param okta_org: Okta organization name
:param path_name: API Path
:param api_key: Okta api key
:return: Instance of ApiClient
"""
api_client = ApiClient(
base_url=f"https://{okta_org}.okta.com/",
pathname=path_name,
api_token=api_key,
)
return api_client
def get_paged_app_targets_for_app_admin(self, uid, rid, url=None, limit=None):
"""Get a paged list of app targets for an APP_ADMIN role assignment
:param uid: the user id
:type uid: str
:param rid: the APP_ADMIN role id
:type rid: str
:param url: url that returns a list of app targets
:type url: str
:param limit: maximum number of Apps to return
:type limit: int or None
:rtype: Array of CatalogApp
"""
if url:
response = ApiClient.get(self, url)
else:
params = {
'limit': limit
}
url_path = '/{0}/roles/{1}/targets/catalog/apps'.format(uid, rid)
response = ApiClient.get_path(self, url_path, params=params)
# TODO: create Catalog App Model
return PagedResults(response, AppInstance)
def _get_application_assigned_groups(api_client: ApiClient,
app_id: str) -> List[str]:
"""
Get groups assigned to a specific application
:param api_client: api client
:param app_id: application id to get users from
:return: Array of group id
"""
app_groups: List[str] = []
next_url = None
while True:
try:
if next_url:
paged_response = api_client.get(next_url)
else:
params = {
'limit': 500,
}
paged_response = api_client.get_path(f'/{app_id}/groups',
params)
except OktaError as okta_error:
logger.debug(
f"Got error while going through list application assigned groups {okta_error}"
)
break
app_groups.append(paged_response.text)
if not is_last_page(paged_response):
next_url = paged_response.links.get("next").get("url")
else:
break
return app_groups
def create_session_by_session_token(self,
session_token,
additional_fields=None):
"""Create a session using a session token
:param session_token: a token that can be exchanged for a session
:type session_token: str
:param additional_fields: additional fields that will be included in the response
:type additional_fields: str
:rtype: Session
"""
data = {'sessionToken': session_token}
params = {'additionalFields': additional_fields}
response = ApiClient.post_path(self, '/', data, params=params)
return Utils.deserialize(response.text, Session)
def get_app_instances(self, limit=None, filter_string=None):
"""Get a list of AppInstances
:param limit: maximum number of apps to return
:type limit: int or None
:param filter_string: string to filter users
:type filter_string: str or None
:rtype: list of AppInstance
"""
params = {
'limit': limit,
'filter': filter_string
}
response = ApiClient.get_path(self, '/', params=params)
return Utils.deserialize(response.text, AppInstance)
def get_group_members(self, gid, limit=None, after=None):
"""Get a list of users from a group
:param gid: the group id
:type gid: str
:param limit: maximum number of users to return
:type limit: int or None
:param after: user id that filtering will resume after
:type after: str
:rtype: list of User
"""
params = {'limit': limit, 'after': after}
response = ApiClient.get_path(self,
'/{0}/users'.format(gid),
params=params)
return Utils.deserialize(response.text, User)
def resend_code(self, state_token, factor_id, relay_state=None):
"""Resend an a passcode for an authentication factor
:param state_token: current state token from the previous AuthResult
:type state_token: str
:param factor_id: target factor id
:type factor_id: str
:param relay_state: data that will persist for the lifetime of the authentication or recovery token
:type relay_state: str or None
:rtype: AuthResult
"""
request = {'stateToken': state_token, 'relayState': relay_state}
response = ApiClient.post_path(
self, '/factors/{0}/lifecycle/resend'.format(factor_id), request)
return Utils.deserialize(response.text, AuthResult)
def assign_admin_role_to_user(self, uid, role):
"""Assign an admin role for a single user
:param uid: the user id
:type uid: str
:param role: the role to be assigned to user
:type role: str
:rtype: Role
"""
data = {
'type': role
}
url_path = '/{0}/roles'.format(uid)
response = ApiClient.post_path(self, url_path, data=data)
return Utils.deserialize(response.text, Role)
def activate_user(self, uid, send_email=True):
"""Activate user by target id
:param uid: the target user id
:type uid: str
:param send_email: sends an activation email to the user
:type send_email: bool
:return: None or ActivationResponse
"""
params = {
'sendEmail': send_email,
}
response = ApiClient.post_path(self,
'/{0}/lifecycle/activate'.format(uid),
params=params)
return Utils.deserialize(response.text, ActivationResponse)
def enroll_factor(self, user_id, factor_enroll_request, update_phone=None):
"""Enroll a user into a factor
:param user_id: target user id
:type user_id: str
:param factor_enroll_request: the details to enroll the user
:type factor_enroll_request: FactorEnrollRequest
:param update_phone: whether to update the user's phone during enrollment
:type update_phone: bool
:rtype: Factor
"""
params = {
'updatePhone': update_phone
}
response = ApiClient.post_path(self, '/{0}/factors'.format(user_id), factor_enroll_request, params=params)
return Utils.deserialize(response.text, Factor)
def create_session(self, username, password, additional_fields=None):
"""Create a session
:param username: the user's username
:type username: str
:param password: the user's password
:type password: str
:param additional_fields: additional fields that will be included in the response
:type additional_fields: str
:rtype: Session
"""
creds = Credentials()
creds.username = username
creds.password = password
params = {'additionalFields': additional_fields}
response = ApiClient.post_path(self, '/', creds, params=params)
return Utils.deserialize(response.text, Session)
def get_group_targets_for_user_admin(self, uid, rid, limit=None):
"""Get a list of group targets for an USER_ADMIN role assignment
:param uid: the user id
:type uid: str
:param rid: the USER_ADMIN role id
:type rid: str
:param limit: maximum number of Groups to return
:type limit: int or None
:rtype: Array of UserGroup
"""
params = {
'limit': limit
}
url = '/{0}/roles/{1}/targets/groups'.format(uid, rid)
response = ApiClient.get_path(self, url, params=params)
return Utils.deserialize(response.text, UserGroup)
