Add bearer auth token for SSO

robsdedude · robsdedude · commit 4db2e1aa09c5 · 2021-09-03T14:58:24.000+02:00
diff --git a/neo4j/__init__.py b/neo4j/__init__.py
@@ -29,6 +29,7 @@
     "AuthToken",
     "basic_auth",
     "kerberos_auth",
+    "bearer_auth",
     "custom_auth",
     "Bookmark",
     "ServerInfo",
@@ -69,6 +70,7 @@
     AuthToken,
     basic_auth,
     kerberos_auth,
+    bearer_auth,
     custom_auth,
     Bookmark,
     ServerInfo,
diff --git a/neo4j/api.py b/neo4j/api.py
@@ -80,7 +80,8 @@ class Auth:
 
     def __init__(self, scheme, principal, credentials, realm=None, **parameters):
         self.scheme = scheme
-        self.principal = principal
+        if principal is not None:
+            self.principal = principal
         self.credentials = credentials
         if realm:
             self.realm = realm
@@ -108,7 +109,7 @@ def basic_auth(user, password, realm=None):
 
 
 def kerberos_auth(base64_encoded_ticket):
-    """ Generate a kerberos auth token with the base64 encoded ticket
+    """ Generate a kerberos auth token with the base64 encoded ticket.
 
     This will set the scheme to "kerberos" for the auth token.
 
@@ -120,6 +121,20 @@ def kerberos_auth(base64_encoded_ticket):
     return Auth("kerberos", "", base64_encoded_ticket)
 
 
+def bearer_auth(base64_encoded_token):
+    """ Generate an auth token for Single-Sign-On providers.
+
+    This will set the scheme to "bearer" for the auth token.
+
+    :param base64_encoded_token: a base64 encoded authentication token generated
+                                 by a Single-Sign-On provider.
+
+    :return: auth token for use with :meth:`GraphDatabase.driver`
+    :rtype: :class:`neo4j.Auth`
+    """
+    return Auth("bearer", None, base64_encoded_token)
+
+
 def custom_auth(principal, credentials, realm, scheme, **parameters):
     """ Generate a custom auth token.
 
diff --git a/testkitbackend/requests.py b/testkitbackend/requests.py
@@ -54,9 +54,23 @@ def NewDriver(backend, data):
     data["authorizationToken"].mark_item_as_read_if_equals(
         "name", "AuthorizationToken"
     )
-    auth = neo4j.Auth(
+    scheme = auth_token["scheme"]
+    auth_token.mark_item_as_read("principal")
+    auth_token.mark_item_as_read("realm")
+    if scheme == "basic":
+        auth = neo4j.basic_auth(
+            auth_token["principal"], auth_token["credentials"],
+            realm=auth_token["realm"]
+        )
+    elif scheme == "kerberos":
+        auth = neo4j.kerberos_auth(auth_token["credentials"])
+    elif scheme == "bearer":
+        auth = neo4j.bearer_auth(auth_token["credentials"])
+    else:
+        auth = neo4j.Auth(
             auth_token["scheme"], auth_token["principal"],
-            auth_token["credentials"], realm=auth_token["realm"])
+            auth_token["credentials"], realm=auth_token["realm"]
+        )
     auth_token.mark_item_as_read_if_equals("ticket", "")
     resolver = None
     if data["resolverRegistered"] or data["domainNameResolverRegistered"]:
