Casdoor's SDK for Python will allow you to easily connect your application to the Casdoor authentication system without having to implement it from scratch.
Casdoor-python-sdk is available on PyPI:
$ pip install casdoor
Casdoor SDK is simple to use. We will show you the steps below.
Initialization requires 5 parameters, which are all str type:
Name (in order) | Must | Description |
---|---|---|
endpoint | Yes | Casdoor Server Url, such as http://localhost:8000 |
client_id | Yes | Application.client_id |
client_secret | Yes | Application.client_secret |
certificate | Yes | Same as Casdoor certificate |
org_name | Yes | Organization name |
from casdoor import CasdoorSDK
certificate = b'''-----BEGIN CERTIFICATE-----
MIIE+TCCAuGgAwIBAgIDAeJAMA0GCSqGSIb3DQEBCwUAMDYxHTAbBgNVBAoTFENh
...
-----END CERTIFICATE-----'''
sdk = CasdoorSDK(
endpoint,
client_id,
client_secret,
certificate,
org_name,
)
OR use async version
from casdoor import AsyncCasdoorSDK
certificate = b'''-----BEGIN CERTIFICATE-----
MIIE+TCCAuGgAwIBAgIDAeJAMA0GCSqGSIb3DQEBCwUAMDYxHTAbBgNVBAoTFENh
...
-----END CERTIFICATE-----'''
sdk = AsyncCasdoorSDK(
endpoint,
client_id,
client_secret,
certificate,
org_name,
)
At this point, we should use some ways to verify with the Casdoor server.
To start, we want you understand clearly the verification process of Casdoor.
The following paragraphs will mention your app that wants to use Casdoor as a means
of verification as APP
, and Casdoor as Casdoor
.
-
APP
will send a request toCasdoor
.
SinceCasdoor
is a UI-based OAuth provider, you cannot use request management service like Postman to send a URL with parameters and get back a JSON file. -
The simplest way to try it out is to type the URL in your browser (in which JavaScript can be executed to run the UI).
-
Type in the URL in your browser in this format:
endpoint/login/oauth/authorize?client_id=xxx&response_type=code&redirect_uri=xxx&scope=read&state=xxx
In this URL theendpoint
is your Casdoor's location, as mentioned in Step1; then thexxx
need to be filled out by yourself.
Hints:
-
redirect_uri
is the URL that yourAPP
is configured to listen to the response fromCasdoor
. For example, if yourredirect_uri
ishttps://forum.casbin.com/callback
, then Casdoor will send a request to this URL along with two parameterscode
andstate
, which will be used in later steps for authentication. -
state
is usually your Application's name, you can find it under theApplications
tab inCasdoor
, and the leftmostName
column gives each application's name. -
Of course you want your
APP
to be able to send the URL. For example you should have something like a button, and it carries this URL. So when you click the button, you should be redirected toCasdoor
for verification. For now you are typing it in the browser simply for testing.
After Casdoor verification passed, it will be redirected to your application with code and state as said in Step2, like https://forum.casbin.com/callback?code=xxx&state=yyyy
.
Your web application can get the code
and call get_oauth_token(code=code)
, then parse out jwt token.
The general process is as follows:
token = sdk.get_oauth_token(code=code)
access_token = token.get("access_token")
decoded_msg = sdk.parse_jwt_token(access_token) # or sdk.parse_jwt_token(access_token, kwargs)
decoded_msg
is the JSON data decoded from the access_token
, which contains user info and other useful stuff.
casdoor-python-sdk support basic user operations, like:
get_user(user_id: str)
, get one user by user name.get_users()
, get all users.modify_user(method: str, user: User)/add_user(user: User)/update_user(user: User)/delete_user(user: User)
, write user to database.refresh_token_request(refresh_token: str, scope: str)
, refresh access tokenenforce(self, permission_model_name: str, sub: str, obj: str, act: str, v3: Optional[str], v4: Optional[str], v5: Optional[str])
, check permission from modelbatch_enforce(self, permission_model_name: str, permission_rules: list[list[str]])
, batch check permission from modelget_user_count(is_online: bool = None)
, get user count.
If your application doesn't have a frontend that redirects users to Casdoor and you have Password Credentials Grant enabled, then you may get access token like this:
token = sdk.get_oauth_token(username=username, password=password)
access_token = token.get("access_token")
decoded_msg = sdk.parse_jwt_token(access_token) # or sdk.parse_jwt_token(access_token, kwargs)
decoded_msg
is the JSON data decoded from the access_token
, which contains user info and other useful stuff.
You can also use Client Credentials Grant when your application does not have a frontend. It is important to note that the AccessToken obtained in this way differs from other in that it corresponds to the application rather than to the user.
token = sdk.get_oauth_token()
access_token = token.get("access_token")
decoded_msg = sdk.parse_jwt_token(access_token) # or sdk.parse_jwt_token(access_token, kwargs)
decoded_msg
is the JSON data decoded from the access_token
.