def deactivate_app_instance(self, id): """Deactivate app by target id :param id: the target app id :type id: str :return: None """ ApiClient.post_path(self, '/{0}/lifecycle/deactivate'.format(id), None)
def create_user(self, user, activate=None): """Create a user :param user: the data to create a user :type user: User :param activate: whether to activate the user :type activate: bool :rtype: User """ if activate is None: response = ApiClient.post_path(self, '/', user) else: params = {'activate': activate} response = ApiClient.post_path(self, '/', user, params=params) return Utils.deserialize(response.text, self.user_class)
def forgot_password_answer(self, state_token, security_answer, new_password, relay_state=None): """Answer the forgot password during an authentication flow :param state_token: current state token from the previous AuthResult :type state_token: str :param security_answer: answer to a user's security question :type security_answer: str :param new_password: user's desired password :type new_password: str :param relay_state: data that will persist for the lifetime of the authentication or recovery token :type relay_state: str or None :rtype: AuthResult """ url_path = '/api/v1/authn/recovery/answer' request = { 'stateToken': state_token, 'securityAnswer': security_answer, 'newPassword': new_password, 'relayState': relay_state } response = ApiClient.post_path(self, url_path, request) return Utils.deserialize(response.text, AuthResult)
def unlock_account_answer(self, state_token, security_answer, relay_state=None): """Unlock an account during an authentication :param state_token: current state token from the previous AuthResult :type state_token: str :param security_answer: answer to the user's security question :type security_answer: str :param relay_state: data that will persist for the lifetime of the authentication or recovery token :type relay_state: str or None :rtype: AuthResult """ url_path = '/api/v1/authn/recovery/answer' request = { 'stateToken': state_token, 'securityAnswer': security_answer, 'relayState': relay_state } response = ApiClient.post_path(self, url_path, request) return Utils.deserialize(response.text, AuthResult)
def enroll_factor(self, state_token, factor_type, provider, profile, relay_state=None): """Enroll in an MFA factor during the auth flow. Usually only encountered if MFA is required for authentication :param state_token: current state token from the previous AuthResult :type state_token: str :param factor_type: type of factor (sms, token, question, token:software:totp, token:hardware etc) :type factor_type: str :param provider: factor provider (OKTA, RSA, SYMANTEC, GOOGLE etc) :type provider: str :param profile: factor profile that depends on the factor type :type profile: FactorProfile :param relay_state: data that will persist for the lifetime of the authentication or recovery token :type relay_state: str or None :rtype: AuthResult """ request = { 'stateToken': state_token, 'factorType': factor_type, 'provider': provider, 'profile': profile, 'relayState': relay_state } response = ApiClient.post_path(self, '/factors', request) return Utils.deserialize(response.text, AuthResult)
def authenticate(self, username, password, relay_state=None, response_type=None, force_mfa=None, context=None): """Begin the authentication process with a username and password :param username: user's username :type username: str :param password: user's password :type password: str :param relay_state: data that will persist for the lifetime of the authentication or recovery token :type relay_state: str or None :param response_type: the type of session to return (session_token or session_token_url usually) :type response_type: str :param force_mfa: whether to force mfa even if the auth is exempt :type force_mfa: bool :param context: contextual info about the auth request like ip and location :type context: Context :rtype: AuthResult """ request = { 'username': username, 'password': password, 'relayState': relay_state, 'context': context } params = {'force_mfa': force_mfa, 'response_type': response_type} response = ApiClient.post_path(self, '/', request, params=params) return Utils.deserialize(response.text, AuthResult)
def auth_with_factor(self, state_token, factor_id, passcode, relay_state=None, remember_device=None): """Continue authentication with an MFA attempt :param state_token: current state token from the previous AuthResult :type state_token: str :param factor_id: target factor id :type factor_id: str :param passcode: passcode required for authenticating the factor :type passcode: str :param relay_state: data that will persist for the lifetime of the authentication or recovery token :type relay_state: str or None :param remember_device: whether to remember this device to avoid requiring MFA next time :type remember_device: bool :rtype: AuthResult """ url_path = '/api/v1/authn/factors/{0}/verify'.format(factor_id) request = { 'stateToken': state_token, 'passCode': passcode, 'relayState': relay_state } params = {'rememberDevice': remember_device} response = ApiClient.post_path(self, url_path, request, params=params) return Utils.deserialize(response.text, AuthResult)
def change_password(self, state_token, old_password, new_password, relay_state=None): """Change a user's password during an authentication flow :param state_token: current state token from the previous AuthResult :type state_token: str :param old_password: user's current password :type old_password: str :param new_password: user's desired password :type new_password: str :param relay_state: data that will persist for the lifetime of the authentication or recovery token :type relay_state: str or None :rtype: AuthResult """ url_path = '/api/v1/authn/credentials/change_password' request = { 'stateToken': state_token, 'oldPassword': old_password, 'newPassword': new_password, 'relayState': relay_state } response = ApiClient.post_path(self, url_path, request) return Utils.deserialize(response.text, AuthResult)
def verify_factor(self, user_id, user_factor_id, activation_token=None, answer=None, passcode=None, next_passcode=None): """Verify an enrolled factor :param user_id: target user id :type user_id: str :param user_factor_id: target factor id :type user_factor_id: str :param activation_token: token required for activation :type activation_token: str :param answer: answer usually required for a question factor :type answer: str :param passcode: code required for verification :type passcode: str :param next_passcode: code usually required for TOTP :type next_passcode: str :return: """ request = { 'activationToken': activation_token, 'answer': answer, 'passCode': passcode, 'nextPassCode': next_passcode } response = ApiClient.post_path(self, '/{0}/factors/{1}/verify'.format(user_id, user_factor_id), request) return Utils.deserialize(response.text, FactorVerificationResponse)
def change_recovery_question(self, uid, password, question, answer): """Changes a user's recovery question & answer by validating the user's current password :param uid: the target user id :type uid: str :param password: the user's current password :type password: str :param question: the new recovery question :type question: str :param answer: the answer to the new recovery question :type answer: str """ data = { 'password': { 'value': password }, 'recovery_question': { 'question': question, 'answer': answer } } response = ApiClient.post_path( self, '/{0}/credentials/change_recovery_question'.format(uid), data) return Utils.deserialize(response.text, LoginCredentials)
def forgot_password(auth_client, username, factor_type): """Patched function to forgot password flow from okta.AuthClient """ request = {'username': username, 'factorType': factor_type} response = ApiClient.post_path(auth_client, '/recovery/password', request) return Utils.deserialize(response.text, AuthResult)
def activate_factor(self, state_token, factor_id, passcode, relay_state=None): """Activate an MFA factor during the auth flow :param state_token: current state token from the previous AuthResult :type state_token: str :param factor_id: target factor id :type factor_id: str :param passcode: passcode required to activate the factor :type passcode: str :param relay_state: data that will persist for the lifetime of the authentication or recovery token :type relay_state: str or None :rtype: AuthResult """ url_path = ('/api/v1/authn/factors\ /{0}/lifecycle/activate').format(factor_id) request = { 'stateToken': state_token, 'passCode': passcode, 'relayState': relay_state } response = ApiClient.post_path(self, url_path, request) return Utils.deserialize(response.text, AuthResult)
def authenticate(self, username, password, relay_state=None, response_type=None, force_mfa=None, context=None): """Begin the authentication process with a username and password :param username: user's username :type username: str :param password: user's password :type password: str :param relay_state: data that will persist for the lifetime of the authentication or recovery token :type relay_state: str or None :param response_type: the type of session to return (session_token or session_token_url usually) :type response_type: str :param force_mfa: whether to force mfa even if the auth is exempt :type force_mfa: bool :param context: contextual info about the auth request like ip and location :type context: Context :rtype: AuthResult """ request = { 'username': username, 'password': password, 'relayState': relay_state, 'context': context } params = { 'force_mfa': force_mfa, 'response_type': response_type } response = ApiClient.post_path(self, '/', request, params=params) return Utils.deserialize(response.text, AuthResult)
def auth_with_factor(self, state_token, factor_id, passcode, relay_state=None, remember_device=None): """Continue authentication with an MFA attempt :param state_token: current state token from the previous AuthResult :type state_token: str :param factor_id: target factor id :type factor_id: str :param passcode: passcode required for authenticating the factor :type passcode: str :param relay_state: data that will persist for the lifetime of the authentication or recovery token :type relay_state: str or None :param remember_device: whether to remember this device to avoid requiring MFA next time :type remember_device: bool :rtype: AuthResult """ request = { 'stateToken': state_token, 'passCode': passcode, 'relayState': relay_state } params = { 'rememberDevice': remember_device } response = ApiClient.post_path(self, '/factors/{0}/verify'.format(factor_id), request, params=params) return Utils.deserialize(response.text, AuthResult)
def expire_password(self, uid, temp_password=False): """Expire user's password by target user id :param uid: the target user id :type uid: str :param temp_password: whether a temporary password should be set :type temp_password: bool :return: None or TempPassword """ if not temp_password: response = ApiClient.post_path(self, '/{0}/lifecycle/expire_password'.format(uid)) else: params = { 'tempPassword': temp_password } response = ApiClient.post_path(self, '/{0}/lifecycle/expire_password'.format(uid), params=params) return Utils.deserialize(response.text, TempPassword)
def create_user(self, user, activate=None): """Create a user :param user: the data to create a user :type user: User :param activate: whether to activate the user :type activate: bool :rtype: User """ if activate is None: response = ApiClient.post_path(self, '/', user) else: params = { 'activate': activate } response = ApiClient.post_path(self, '/', user, params=params) return Utils.deserialize(response.text, User)
def create_app_instance(self, app_instance): """Create a app instance :param app_instance: the data to create a user :type app_instance: AppInstance :rtype: AppInstance """ response = ApiClient.post_path(self, '/', app_instance) return Utils.deserialize(response.text, AppInstance)
def deactivate_group_rule(self, rid): """Deactivates a specific group rule by id from your organization :param rid: Id of the rule to be deactivated :type rid: str :return: None """ return ApiClient.post_path( self, '/rules/{0}/lifecycle/deactivate'.format(rid))
def unlock_user(self, uid): """Unlock user by target id :param uid: the target user id :type uid: str :return: User """ response = ApiClient.post_path(self, '/{0}/lifecycle/unlock'.format(uid)) return Utils.deserialize(response.text, User)
def deactivate_user(self, uid): """Deactivate user by target id :param uid: the target user id :type uid: str :return: User """ response = ApiClient.post_path(self, '/{0}/lifecycle/deactivate'.format(uid)) return Utils.deserialize(response.text, User)
def reset_factors(self, uid): """Reset all user factors by target id :param uid: the target user id :type uid: str :return: None """ response = ApiClient.post_path(self, '/{0}/lifecycle/reset_factors'.format(uid)) return Utils.deserialize(response.text, User)
def create_identity_provider(self, identity_provider): """Create an identity provider :param identity_provider: the data to create the idp :type app_instance: IdentityProvider :rtype: IdentityProvider """ response = ApiClient.post_path(self, '/', identity_provider) return Utils.deserialize(response.text, IdentityProvider)
def create_group(self, group): """Create a group :param group: the data to create a group :type group: UserGroup :rtype: UserGroup """ response = ApiClient.post_path(self, '/', group) return Utils.deserialize(response.text, UserGroup)
def deactivate_org_factor(self, org_factor_id): """Deactivate OrgAuthFactor :param org_factor_id: target factor id :type org_factor_id: str :rtype: OrgAuthFactor """ response = ApiClient.post_path(self, '/factors/{0}/lifecycle/deactivate'.format(org_factor_id)) return Utils.deserialize(response.text, OrgAuthFactor)
def expire_password(self, uid, temp_password=False): """Expire user's password by target user id :param uid: the target user id :type uid: str :param temp_password: whether a temporary password should be set :type temp_password: bool :return: None or TempPassword """ if not temp_password: response = ApiClient.post_path( self, '/{0}/lifecycle/expire_password'.format(uid)) else: params = {'tempPassword': temp_password} response = ApiClient.post_path( self, '/{0}/lifecycle/expire_password'.format(uid), params=params) return Utils.deserialize(response.text, TempPassword)
def unsuspend_user(self, uid): """Unsuspend user by target id :param uid: the target user id :type uid: str :return: User """ response = ApiClient.post_path(self, '/{0}/lifecycle/unsuspend'.format(uid)) return Utils.deserialize(response.text, self.user_class)
def assign_roles_to_user(self, uid, role_type): """Assigns a role to a user. :param uid: User id: str :param role_type: Role type: str :return: Role """ data = {'type': role_type} response = ApiClient.post_path(self, '/{0}/roles'.format(uid), data) return Utils.deserialize(response.text, Role)
def reset_factors(self, uid): """Reset all user factors by target id :param uid: the target user id :type uid: str :return: None """ response = ApiClient.post_path( self, '/{0}/lifecycle/reset_factors'.format(uid)) return Utils.deserialize(response.text, User)
def update_factor_device(self, user_id, factor_device_request): """Update a factor device for a user :param user_id: target user id :type user_id: str :param factor_device_request: data to update the factor device :type factor_device_request: FactorDeviceRequest :rtype: FactorDevice """ response = ApiClient.post_path(self, '/{0}/factors/{1}'.format(user_id), factor_device_request) return Utils.deserialize(response.text, FactorDevice)
def activate_org_factor(self, org_factor_id, org_auth_factor=None): """Activate OrgAuthFactor :param org_factor_id: target factor id :type org_factor_id: str :param org_auth_factor: additional factor data :param org_auth_factor: OrgAuthFactor :rtype: OrgAuthFactor """ response = ApiClient.post_path(self, '/factors/{0}/lifecycle/activate'.format(org_factor_id), org_auth_factor) return Utils.deserialize(response.text, OrgAuthFactor)
def update_user_by_id_partially(self, uid, user): """Partially update a user, defined by an id :param uid: the target user id :type uid: str :param user: the data to update the target user :type user: User :rtype: User """ response = ApiClient.post_path(self, '/{0}'.format(uid), user) return Utils.deserialize(response.text, self.user_model)
def enroll_factor_device(self, user_id, factor_enroll_request): """Enroll a factor device for a user :param user_id: target user id :type user_id: str :param factor_enroll_request: data to enroll the factor device :type factor_enroll_request: FactorEnrollRequest :rtype: FactorDevice """ response = ApiClient.post_path(self, '/{0}/devices'.format(user_id), factor_enroll_request) return Utils.deserialize(response.text, FactorDevice)
def resend_code(self, user_id, user_factor_id): """Resend code for a factor :param user_id: target user id :type user_id: str :param user_factor_id: target factor id :type user_factor_id: str :return: """ response = ApiClient.post_path(self, '/{0}/factors/{1}/resend'.format(user_id, user_factor_id)) return Utils.deserialize(response.text, Factor)
def activate_user(self, uid, send_email=True): """Activate user by target id :param uid: the target user id :type uid: str :return: User """ params = {'sendEmail': send_email} response = ApiClient.post_path(self, '/{0}/lifecycle/activate'.format(uid), params=params) return Utils.deserialize(response.text, ActivationResponse)
def create_user(self, user, activate=None, next_login=None): """Create a user :param user: the data to create a user :type user: User :param activate: whether to activate the user :type activate: bool :param next_login: set to 'changePassword' to force a password change :type next_login: str :rtype: User """ if activate is None: response = ApiClient.post_path(self, '/', user) else: params = {} if activate is not None: params['activate'] = activate if next_login is not None: params['nextLogin'] = next_login response = ApiClient.post_path(self, '/', user, params=params) return Utils.deserialize(response.text, User)
def create_session_by_session_token(self, session_token, additional_fields=None): """Create a session using a session token :param session_token: a token that can be exchanged for a session :type session_token: str :param additional_fields: additional fields that will be included in the response :type additional_fields: str :rtype: Session """ data = {'sessionToken': session_token} params = {'additionalFields': additional_fields} response = ApiClient.post_path(self, '/', data, params=params) return Utils.deserialize(response.text, Session)
def reset_password(self, uid, send_email=True): """Reset user's password by target user id :param uid: the target user id :type uid: str :param send_email: whether a password reset email should be sent :type send_email: bool :return: None or ResetPasswordToken """ params = { 'sendEmail': send_email } response = ApiClient.post_path(self, '/{0}/lifecycle/reset_password'.format(uid), params=params) return Utils.deserialize(response.text, ResetPasswordToken)
def enroll_factor(self, user_id, factor_enroll_request, update_phone=None): """Enroll a user into a factor :param user_id: target user id :type user_id: str :param factor_enroll_request: the details to enroll the user :type factor_enroll_request: FactorEnrollRequest :param update_phone: whether to update the user's phone during enrollment :type update_phone: bool :rtype: Factor """ params = { 'updatePhone': update_phone } response = ApiClient.post_path(self, '/{0}/factors'.format(user_id), factor_enroll_request, params=params) return Utils.deserialize(response.text, Factor)
def validate_recovery_token(self, recovery_token, relay_state=None): """Validate a token for recovery :param recovery_token: token distributed to end-user via out-of-band mechanism such as email :type recovery_token: str :param relay_state: data that will persist for the lifetime of the authentication or recovery token :type relay_state: str or None :rtype: AuthResult """ request = { 'recoveryToken': recovery_token, 'relayState': relay_state } response = ApiClient.post_path(self, '/recovery/token', request) return Utils.deserialize(response.text, AuthResult)
def forgot_password(self, username, relay_state=None): """Initiate a forgot password flow for a user :param username: user's username :type username: str :param relay_state: data that will persist for the lifetime of the authentication or recovery token :type relay_state: str or None :rtype: AuthResult """ request = { 'username': username, 'relayState': relay_state } response = ApiClient.post_path(self, '/recovery/password', request) return Utils.deserialize(response.text, AuthResult)
def unlock_account(self, username, relay_state=None): """Begin unlocking an account :param username: user's username :type username: str :param relay_state: data that will persist for the lifetime of the authentication or recovery token :type relay_state: str or None :rtype: AuthResult """ request = { 'username': username, 'relayState': relay_state } response = ApiClient.post_path(self, '/recovery/unlock', request) return Utils.deserialize(response.text, AuthResult)
def get_status(self, state_token, relay_state=None): """Get the status of an in-progress authentication :param state_token: current state token from the previous AuthResult :type state_token: str :param relay_state: data that will persist for the lifetime of the authentication or recovery token :type relay_state: str or None :rtype: AuthResult """ request = { 'stateToken': state_token, 'relayState': relay_state } response = ApiClient.post_path(self, '/', request) return Utils.deserialize(response.text, AuthResult)
def create_session(self, username, password, additional_fields=None): """Create a session :param username: the user's username :type username: str :param password: the user's password :type password: str :param additional_fields: additional fields that will be included in the response :type additional_fields: str :rtype: Session """ creds = Credentials() creds.username = username creds.password = password params = {'additionalFields': additional_fields} response = ApiClient.post_path(self, '/', creds, params=params) return Utils.deserialize(response.text, Session)
def verify_transaction(self, factor_id, transaction_id, user_response): """Verify a transaction :param factor_id: target factor id :type factor_id: str :param transaction_id: target transaction id :type transaction_id: str :param user_response: APPROVE or REJECT :type user_response: str :rtype: AuthResult """ request = { 'result': user_response } response = ApiClient.post_path(self, '/factors/{0}/transactions/{1}/verify'.format(factor_id, transaction_id), request) return Utils.deserialize(response.text, AuthResult)
def resend_code(self, state_token, factor_id, relay_state=None): """Resend an a passcode for an authentication factor :param state_token: current state token from the previous AuthResult :type state_token: str :param factor_id: target factor id :type factor_id: str :param relay_state: data that will persist for the lifetime of the authentication or recovery token :type relay_state: str or None :rtype: AuthResult """ request = { 'stateToken': state_token, 'relayState': relay_state } response = ApiClient.post_path(self, '/factors/{0}/lifecycle/resend'.format(factor_id), request) return Utils.deserialize(response.text, AuthResult)
def unlock_account_answer(self, state_token, security_answer, relay_state=None): """Unlock an account during an authentication :param state_token: current state token from the previous AuthResult :type state_token: str :param security_answer: answer to the user's security question :type security_answer: str :param relay_state: data that will persist for the lifetime of the authentication or recovery token :type relay_state: str or None :rtype: AuthResult """ request = { 'stateToken': state_token, 'securityAnswer': security_answer, 'relayState': relay_state } response = ApiClient.post_path(self, '/recovery/answer', request) return Utils.deserialize(response.text, AuthResult)
def reset_password(self, state_token, new_password, relay_state=None): """Reset a user's password during an authentication flow :param state_token: current state token from the previous AuthResult :type state_token: str :param new_password: user's desired password :type new_password: str :param relay_state: data that will persist for the lifetime of the authentication or recovery token :type relay_state: str or None :rtype: AuthResult """ request = { 'stateToken': state_token, 'newPassword': new_password, 'relayState': relay_state } response = ApiClient.post_path(self, '/credentials/reset_password', request) return Utils.deserialize(response.text, AuthResult)
def activate_factor_device(self, user_id, user_factor_id, device_id, passcode): """Activate a factor device for a user :param user_id: target user id :type user_id: str :param user_factor_id: target factor id :type user_factor_id: str :param device_id: target factor device id :type device_id: str :param passcode: code required to activate the factor device :type passcode: str :rtype: FactorDevice """ request = { 'passCode': passcode } response = ApiClient.post_path(self, '/{0}/factors/{1}/devices/{2}/lifecycle/activate'.format( user_id, user_factor_id, device_id), request) return Utils.deserialize(response.text, Factor)