Yamcs Server can be configured for different authentication setups.
The common use case is to entrust Yamcs with validating user credentials (either by locally verifying passwords, or by delegating to an upstream server such as an LDAP tree).
To authenticate in such a scenario, do:
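```python
from yamcs.client import YamcsClient
from yamcs.core.auth import Credentials

# Username/password are exchanged once for an access token and a refresh token.
credentials = Credentials(username="admin", password="password")
client = YamcsClient("localhost:8090", credentials=credentials)
```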
In the background this will convert your username/password credentials to an access token with limited lifetime, and a long-lived refresh token for automatically generating new access tokens.
Further HTTP requests do not use your username/password but instead use these tokens.
Service accounts are useful in server-to-server scenarios. Support for service accounts will be available in future releases.
- class yamcs.core.auth.BasicAuthCredentials(username: str, password: str)
Data holder for Basic Auth credentials. This includes a username and a password which are passed in the HTTP Authorization header on each request.
- login(*args, **kwargs)
- class yamcs.core.auth.Credentials(username: Optional[str] = None, password: Optional[str] = None, access_token: Optional[str] = None, refresh_token: Optional[str] = None, expiry: Optional[datetime] = None, client_id: Optional[str] = None, client_secret: Optional[str] = None, become: Optional[str] = None)
Data holder for different types of credentials. Currently this includes:
Username/password credentials (fields
Bearer tokens (fields
Short-lived bearer token.
Name of the user to impersonate. Only service accounts with impersonation authority can use this feature.
The client ID. Currently used only by service accounts.
The client secret. Currently used only by service accounts.
When this token expires.
- login(session: Session, auth_url: str, on_token_update: Optional[Callable[[Credentials], None]]) → Credentials
Clear-text password (consider TLS!).
Refresh token used to request a new access token.
Username (only needed when using username/password credentials).
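The difference between Basic Auth (username and password in the Authorization header on each request) and the token flow (tokens on further requests), together with the TLS caveat on the password field, can be seen in the following added example. It is not part of the Yamcs client: `SampleCredentials`, `recoverable_from` and `transport_findings` are hypothetical names, the sample values are constructed, and only the Python standard library is used.

```python
import base64
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit


@dataclass
class SampleCredentials:  # hypothetical stand-in, NOT yamcs.core.auth.Credentials
    username: Optional[str] = None
    password: Optional[str] = None
    access_token: Optional[str] = None


def basic_header(creds):
    """Header value repeated on every request under HTTP Basic Auth."""
    raw = f"{creds.username}:{creds.password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def bearer_header(creds):
    """Header value once the password has been exchanged for an access token."""
    return "Bearer " + creds.access_token


def recoverable_from(header):
    """What an observer learns from one captured Authorization header."""
    scheme, _, value = header.partition(" ")
    if scheme == "Basic":  # base64 is an encoding, not encryption
        user, _, pw = base64.b64decode(value).decode("utf-8").partition(":")
        return {"username": user, "password": pw}
    if scheme == "Bearer":
        return {"access_token": value}
    return {}


def transport_findings(url, creds):
    """Pre-flight check: list the secrets that would cross the wire unencrypted."""
    if urlsplit(url).scheme == "https":
        return []
    exposed = []
    if creds.password is not None:
        exposed.append("password")
    if creds.access_token is not None:
        exposed.append("access_token")
    return exposed


if __name__ == "__main__":
    demo = SampleCredentials(username="admin", password="password")  # constructed
    print(recoverable_from(basic_header(demo)), transport_findings("http://localhost:8090", demo))
```

A captured Basic header yields the long-lived password itself, while a captured Bearer header yields only the access token with its limited lifetime; in both cases the check reports exposure when the URL is not HTTPS.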