sda.dashboard.api.cloud_auth
============================

.. py:module:: sda.dashboard.api.cloud_auth

.. autoapi-nested-parse::

   SDA-Cloud: Microsoft Entra delegated sign-in for the hosted dashboard.

   Enable by setting environment variables (see :func:`cloud_auth_enabled`). Uses the
   **SDA-Cloud** confidential app registration (Web redirect) — distinct from
   **SDA-Desktop** (public client) used by CLI / ``get_access_token_interactive``.

   Tokens are stored in a server-side in-memory store (``_TOKEN_STORE``) keyed by a
   random session ID. Only the session ID (a short random string) is kept in the
   signed session cookie, keeping cookie size well under the 4 KB browser limit.


Attributes
----------

.. autoapisummary::

   sda.dashboard.api.cloud_auth.logger
   sda.dashboard.api.cloud_auth.SESSION_KEY_ID
   sda.dashboard.api.cloud_auth.SESSION_KEY_STATE
   sda.dashboard.api.cloud_auth.SESSION_KEY_ACCESS
   sda.dashboard.api.cloud_auth.SESSION_KEY_REFRESH
   sda.dashboard.api.cloud_auth.router


Classes
-------

.. autoapisummary::

   sda.dashboard.api.cloud_auth.CloudGraphTokenMiddleware


Functions
---------

.. autoapisummary::

   sda.dashboard.api.cloud_auth.cloud_auth_enabled
   sda.dashboard.api.cloud_auth.auth_login
   sda.dashboard.api.cloud_auth.auth_callback
   sda.dashboard.api.cloud_auth.auth_me
   sda.dashboard.api.cloud_auth.auth_logout
   sda.dashboard.api.cloud_auth.install_cloud_auth


Module Contents
---------------

.. py:data:: logger

.. py:data:: SESSION_KEY_ID
   :value: 'sda_session_id'


.. py:data:: SESSION_KEY_STATE
   :value: 'sda_oauth_state'


.. py:data:: SESSION_KEY_ACCESS
   :value: 'sda_graph_access_token'


.. py:data:: SESSION_KEY_REFRESH
   :value: 'sda_graph_refresh_token'


.. py:function:: cloud_auth_enabled()

   Return True when all required SDA-Cloud OAuth settings are present.


.. py:data:: router

.. py:function:: auth_login(request)
   :async:


   Redirect browser to Microsoft login (authorization code flow).


.. py:function:: auth_callback(request, code = '', state = '')
   :async:


   OAuth redirect URI handler: exchange code and store tokens in session.


.. py:function:: auth_me(request)
   :async:


   Return whether the session holds a valid Graph access token (for SPA gating).


.. py:function:: auth_logout(request)
   :async:


   Clear session and server-side token, then return to home.


.. py:class:: CloudGraphTokenMiddleware(app, dispatch = None)

   Bases: :py:obj:`starlette.middleware.base.BaseHTTPMiddleware`


   Inject Graph token into context; redirect/block unauthenticated requests.


   .. py:method:: dispatch(request, call_next)
      :async:



   .. py:attribute:: app


   .. py:attribute:: dispatch_func


.. py:function:: install_cloud_auth(app)

   Register session + token middleware and auth routes (before CORS in app factory).
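
The storage pattern described in the module docstring (tokens held server-side, only a random session ID in the signed cookie), sketched as an added example; this is not the project's code. ``TOKEN_STORE``, the function names and the entry layout are hypothetical, the session is modelled as a plain ``dict``, and only the two ``SESSION_KEY_*`` values are taken from this page.

```python
import hmac
import secrets
import time

TOKEN_STORE = {}  # hypothetical stand-in for _TOKEN_STORE; entry layout is assumed
SESSION_KEY_ID = "sda_session_id"      # value from this page
SESSION_KEY_STATE = "sda_oauth_state"  # value from this page


def begin_login(session):
    """Mint a one-time OAuth state and keep it in the signed session."""
    state = secrets.token_urlsafe(32)
    session[SESSION_KEY_STATE] = state
    return state


def finish_login(session, returned_state, access_token, refresh_token, expires_in):
    """Verify state, store tokens server-side, put only the ID in the session."""
    expected = session.pop(SESSION_KEY_STATE, "")  # single use: consumed on any attempt
    if not expected or not hmac.compare_digest(
        expected.encode(), returned_state.encode()
    ):
        raise PermissionError("OAuth state mismatch")
    # Rotate the session ID on sign-in so a pre-login ID is never reused.
    TOKEN_STORE.pop(session.pop(SESSION_KEY_ID, None), None)
    sid = secrets.token_urlsafe(32)
    TOKEN_STORE[sid] = {
        "access": access_token,
        "refresh": refresh_token,
        "expires_at": time.time() + expires_in,
    }
    session[SESSION_KEY_ID] = sid
    return sid


def lookup_access_token(session, now=None):
    """Return the access token for this session, or None if absent or expired."""
    entry = TOKEN_STORE.get(session.get(SESSION_KEY_ID, ""))
    if entry is None:
        return None
    if (time.time() if now is None else now) >= entry["expires_at"]:
        return None
    return entry["access"]


def logout(session):
    """Delete the server-side entry first, then clear the cookie contents."""
    TOKEN_STORE.pop(session.get(SESSION_KEY_ID, ""), None)
    session.clear()
```

Because logout removes the server-side entry, a copied cookie that still carries the old session ID resolves to no token. An in-memory store is also per-process, so entries are lost on restart and are not shared between workers.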