Identity & Claims

Claims-based identity model inspired by .NET's System.Security.Claims.

Converting Tokens to Principals

to_principal(token_claims, authentication_type='Bearer')

Converts a dictionary of token claims (output from validate_token) into a ClaimsPrincipal object.

Parameters:

Name | Type | Description | Default
token_claims | dict | Dictionary of claims returned from validate_token | required
authentication_type | str | The authentication type (defaults to "Bearer") | 'Bearer'

Returns:

Type | Description
ClaimsPrincipal | ClaimsPrincipal object containing the claims from the token

Classes

ClaimsPrincipal(identity=None, claims=None)

Bases: Principal

Represents a principal with a claims-based identity.

Equivalent to .NET's System.Security.Claims.ClaimsPrincipal. Contains one or more identities and provides access to all claims across those identities.

Attributes:

Name | Type | Description
claims | list[Claim] | All claims associated with this principal's identities.

Initialize a new ClaimsPrincipal instance.

Parameters:

Name | Type | Description | Default
identity | Identity | None | The primary identity for this principal. | None
claims | list[Claim] | None | Additional claims to associate with the principal. | None

claims property

Gets all claims for this principal.

Returns:

Type | Description
list[Claim] | All claims from the principal's identity and additional claims.

add_identity(identity)

Add an identity to this principal.

Parameters:

Name | Type | Description | Default
identity | Identity | The identity to add. | required

has_claim(claim_type, value=None)

Check if a claim exists in the principal context.

Parameters:

Name | Type | Description | Default
claim_type | str | The type of claim to search for. | required
value | str | None | Optional value the claim must have. | None

Returns:

Name | Type | Description
bool | bool | True if a matching claim exists, False otherwise.

is_in_role(role)

Determines whether the current principal belongs to the specified role.

Parameters:

Name | Type | Description | Default
role | str | The role name to check. | required

Returns:

Name | Type | Description
bool | bool | True if the principal has a role claim with the specified value.

find_first(claim_type)

Find the first claim of the specified type.

Parameters:

Name | Type | Description | Default
claim_type | str | The type of claim to find. | required

Returns:

Type | Description
Claim | None | The first matching claim, or None if not found.

find_all(claim_type)

Find all claims of the specified type.

Parameters:

Name | Type | Description | Default
claim_type | str | The type of claims to find. | required

Returns:

Type | Description
list[Claim] | All matching claims.

ClaimsIdentity(claims, authentication_type=None, name_type_claim=ClaimType.Name.value, role_type_claim=ClaimType.Role.value)

Bases: Identity

Represents a claims-based identity.

Equivalent to .NET's System.Security.Claims.ClaimsIdentity. Contains a collection of claims that describe the identity.

Attributes:

Name | Type | Description
claims | list[Claim] | List of claims associated with this identity.
role_type_claim | | The claim type to use for role claims.
name_type_claim | | The claim type to use for the name claim.

Initialize a new ClaimsIdentity instance.

Parameters:

Name | Type | Description | Default
claims | list[Claim] | The claims for this identity. | required
authentication_type | str | None | The authentication method used. | None
name_type_claim | str | The claim type for the identity name. | Name.value
role_type_claim | str | The claim type for roles. | Role.value

name property

Gets the name of the identity from the name claim.

Returns:

Type | Description
str | None | The name value from the first matching name claim, or None if no name claim exists.

find_first(claim_type)

Find the first claim of the specified type.

Parameters:

Name | Type | Description | Default
claim_type | str | The type of claim to find. | required

Returns:

Type | Description
Claim | None | The first matching claim, or None if not found.

find_all(claim_type)

Find all claims of the specified type.

Parameters:

Name | Type | Description | Default
claim_type | str | The type of claims to find. | required

Returns:

Type | Description
list[Claim] | All matching claims.

Claim(claim_type, value, value_type='http://www.w3.org/2001/XMLSchema#string', issuer=None, original_issuer=None)

Represents a claim as a name-value pair with additional metadata.

Equivalent to .NET's System.Security.Claims.Claim. A claim is a statement about an entity made by an issuer, consisting of a type, value, and additional properties.

Attributes:

Name | Type | Description
claim_type | | The claim type URI that identifies the claim.
value | | The value of the claim.
value_type | | The type of the value (default: XML Schema string).
issuer | | The entity that issued the claim.
original_issuer | | The original issuer if the claim was delegated.
properties | | Additional properties associated with the claim.

Initialize a new Claim instance.

Parameters:

Name | Type | Description | Default
claim_type | str | The claim type URI. | required
value | str | The claim value. | required
value_type | str | The value type URI. Defaults to XML Schema string. | 'http://www.w3.org/2001/XMLSchema#string'
issuer | str | None | The issuer of the claim. Defaults to "LOCAL AUTHORITY". | None
original_issuer | str | None | The original issuer. Defaults to the issuer value. | None
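
An added example, not the library's own code: a simplified stand-in for the documented Claim, ClaimsIdentity and ClaimsPrincipal interface, showing why a role check on a principal with several identities should also pin Claim.issuer. The stand-in classes, the ROLE and IDP values, and the helpers role_claims, is_in_role_from and build_demo_principal are assumptions for illustration; resolving roles through each identity's role_type_claim is assumed to follow .NET.

```python
from dataclasses import dataclass

# Constructed values: the library's ClaimType URIs are not shown on the page.
ROLE = "urn:example:claims/role"
IDP = "https://idp.example.test"

@dataclass(frozen=True)
class Claim:  # stand-in carrying the documented fields
    claim_type: str
    value: str
    issuer: str = "LOCAL AUTHORITY"  # default issuer stated in the docs

class ClaimsIdentity:
    def __init__(self, claims, authentication_type=None, role_type_claim=ROLE):
        self.claims = list(claims)
        self.authentication_type = authentication_type
        self.role_type_claim = role_type_claim

    def find_all(self, claim_type):
        return [c for c in self.claims if c.claim_type == claim_type]

class ClaimsPrincipal:
    def __init__(self, identity=None):
        self.identities = [identity] if identity else []

    def add_identity(self, identity):
        self.identities.append(identity)

    def role_claims(self):
        # Hypothetical helper. Assumption (mirrors .NET): each identity names its own role claim type.
        return [c for i in self.identities for c in i.find_all(i.role_type_claim)]

    def is_in_role(self, role):
        return any(c.value == role for c in self.role_claims())

def is_in_role_from(principal, role, trusted_issuers):
    """Role check that also requires the claim to come from a trusted issuer."""
    return any(c.value == role and c.issuer in trusted_issuers
               for c in principal.role_claims())

def build_demo_principal():
    # Constructed scenario: a token-derived identity plus one attached locally.
    p = ClaimsPrincipal(ClaimsIdentity([Claim(ROLE, "reader", IDP)], "Bearer"))
    p.add_identity(ClaimsIdentity([Claim(ROLE, "admin")]))  # LOCAL AUTHORITY
    return p

if __name__ == "__main__":
    p = build_demo_principal()
    print(p.is_in_role("admin"), is_in_role_from(p, "admin", {IDP}))
```

In this model a token whose roles arrive under a claim type other than the identity's role_type_claim never satisfies is_in_role, so the claim type has to be set when the identity is built.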