|
1 | 1 | # onelogin-python-sdk |
2 | 2 |
|
3 | | -Python SDK for OneLogin API |
| 3 | +Official Python SDK for the OneLogin API, enabling you to programmatically manage users, roles, groups, and authentication in your OneLogin instance. |
| 4 | + |
| 5 | +For more information about the OneLogin API, visit the [OneLogin API Documentation](https://developers.onelogin.com/api-docs/2/getting-started/dev-overview). |
4 | 6 |
|
5 | 7 | ## Support |
6 | 8 | OneLogin by One Identity open source projects are supported through [OneLogin GitHub issues](https://github.com/onelogin/onelogin-python-sdk/issues). This includes all scripts, plugins, SDKs, modules, code snippets or other solutions. For assistance with any OneLogin by One Identity GitHub project, please raise a new Issue on the [OneLogin GitHub issues](https://github.com/onelogin/onelogin-python-sdk/issues) page. Requests for assistance made through official One Identity Support will be referred back to GitHub where those requests can benefit all users. |
@@ -56,15 +58,17 @@ import onelogin |
56 | 58 | from onelogin.rest import ApiException |
57 | 59 | from pprint import pprint |
58 | 60 |
|
59 | | -# Defining the host is optional and defaults to https://your-api-subdomain.onelogin.com |
60 | | -# See configuration.py for a list of all supported configuration parameters. |
| 61 | +# Set up configuration |
| 62 | +# Replace 'your-subdomain' with your actual OneLogin subdomain |
61 | 63 | configuration = onelogin.Configuration( |
62 | | - host = "https://your-api-subdomain.onelogin.com" |
| 64 | + host = "https://your-subdomain.onelogin.com" |
63 | 65 | ) |
64 | 66 |
|
| 67 | +# Set your API credentials |
| 68 | +# Use environment variables to avoid hardcoding credentials |
65 | 69 | configuration = onelogin.Configuration( |
66 | | - username = os.environ["USERNAME"], |
67 | | - password = os.environ["PASSWORD"] |
| 70 | + username = os.environ["ONELOGIN_CLIENT_ID"], |
| 71 | + password = os.environ["ONELOGIN_CLIENT_SECRET"] |
68 | 72 | ) |
69 | 73 |
|
70 | 74 | # Enter a context with an instance of the API client |
@@ -93,22 +97,20 @@ with onelogin.ApiClient(configuration) as api_client: |
93 | 97 |
|
94 | 98 | ``` |
95 | 99 |
|
96 | | -## Documentation For Authorization |
| 100 | +## Authentication |
| 101 | + |
| 102 | +### OAuth2 |
97 | 103 |
|
98 | | -## OAuth2 |
| 104 | +OneLogin API uses OAuth2 for authorization. Your client credentials (Client ID and Client Secret) are used to request an access token, which is then used for subsequent API calls. |
99 | 105 |
|
100 | | -- **Type**: OAuth |
101 | | -- **Flow**: application |
102 | | -- **Authorization URL**: |
103 | | -- **Scopes**: |
104 | | - - **Authentication Only**: Gives the credential pair the ability to generate an access token that can perform POST calls only to authentication endpoints, providing least privileged access to authentication code. These endpoints include: - Verify Factor (SAML Assertion) - Generate SAML Assertion - Verify Factor (Login) - Create Session Login Token - Log User Out |
105 | | - - **Read Users**: Gives the credential pair the ability to generate an access token that can perform GET calls available for the User, Role, and Group API resources. |
106 | | - - **Manage users**: Gives the credential pair the ability to generate an access token that can perform GET, POST, PUT, and DELETE calls available for the User, Role, and Group API resources, with the exception of setting passwords and assigning and removing roles |
107 | | - - **Manage All**: Gives the credential pair the ability to generate an access token that can perform GET, POST, PUT, and DELETE calls for all available API resources, including the ability to set passwords and assign and remove roles. |
108 | | - - **Read All**: Gives the credential pair the ability to generate an access token that can perform GET calls available for all API resources. |
| 106 | +#### Available Scopes |
109 | 107 |
|
110 | | -- **Type**: HTTP basic authentication |
| 108 | +The OneLogin API supports the following scopes: |
111 | 109 |
|
112 | | -## basicAuth |
| 110 | +- **Authentication Only**: Access to authentication endpoints only (Verify Factor, Generate SAML Assertion, Create Session Login Token, Log User Out) |
| 111 | +- **Read Users**: Access to GET calls for User, Role, and Group API resources |
| 112 | +- **Manage Users**: Access to GET, POST, PUT, and DELETE calls for User, Role, and Group API resources (except password management and role assignment) |
| 113 | +- **Manage All**: Full access to all API resources, including password management and role assignment |
| 114 | +- **Read All**: Read-only access to all API resources |
113 | 115 |
|
114 | | -- **Type**: HTTP basic authentication |
| 116 | +You can set up your API credentials with appropriate scopes in the OneLogin portal under Security > API Credentials. |
0 commit comments