|Keywords||launchkey security authentication iovation multifactor mfa 2fa biometric|
For use in implementing LaunchKey.
Use to more easily interact with iovation’s LaunchKey API.
$ easy_install launchkey
$ pip install launchkey
The LaunchKey SDK is broken into credential based factories with access to functionality based clients.
Factories are based on the credentials supplied. The Organization Factory uses Organization credentials, the Directory Factory uses Directory credentials, and the Service Factory uses Service credentials. Each factory provides clients which are accessible to the factory. The availability is based on the hierarchy of the entities themselves. Below is a matrix of available services for each factory.
|Factory||Directory Client||Service Client|
Using individual clients
from launchkey.factories import ServiceFactory, DirectoryFactory directory_id = "37d98bb9-ac71-44b7-9ac0-5d75e31e627a" directory_private_key = open('directory_private_key.key').read() service_id = "9ecc57e0-fb0f-4971-ba12-399b630158b0" service_private_key = open('service_private_key.key').read() directory_factory = DirectoryFactory(directory_id, directory_private_key) directory_client = directory_factory.make_directory_client() service_factory = ServiceFactory(service_id, service_private_key) service_client = service_factory.make_service_client()
Using a hierarchical client
from launchkey.factories import OrganizationFactory organization_id = "bff1602d-a7b3-4dbe-875e-218c197e9ea6" organization_private_key = open('organization_private_key.key').read() directory_id = "37d98bb9-ac71-44b7-9ac0-5d75e31e627a" service_id = "9ecc57e0-fb0f-4971-ba12-399b630158b0" user = "my_unique_internal_identifier" organization_factory = OrganizationFactory(organization_id, organization_private_key) directory_client = organization_factory.make_directory_client(directory_id) service_client = organization_factory.make_service_client(service_id)
Create an auth request to initiated the login process
auth_request_id = service_client.authorize(user)
Using Dynamic Policies
from launchkey.clients.service import AuthPolicy # Require 2 factors and don't allow any jailbroken or rooted devices policy = AuthPolicy(any=2, jailbreak_protection=True) # Also make it so the user can only log in from the Portland area policy.add_geofence(latitude=45.48805749706375, longitude=-122.70492553710936, radius=27500) auth_request_id = service_client.authorize(user, policy=policy)
Check whether a response has been received and check whether it has been authorized
from launchkey.exceptions import RequestTimedOut from time import sleep response = None try: while response is None: response = service_client.get_authorization_response(auth_request_id) if response is not None: if response.authorized is True: # User accepted the auth, now create a session service_client.session_start(user, auth_request_id) else: # User denied the auth request else: sleep(1) except RequestTimedOut: # The user did not respond to the request in the timeout period (5 minutes)
When a user logs out
Webhooks can be used in opposition to polling. This means we will hit your app on either an auth response or logout request.
You will use the same handle_webhook method for both login and logout.
Note that request.headers must be a dictionary like object.
from flask import request from launchkey.clients.service import AuthorizationResponse, SessionEndRequest package = service_client.handle_webhook(request.data, request.headers) if isinstance(package, AuthorizationResponse): if package.authorized is True: # User accepted the auth, now create a session service_client.session_start(user, auth_request_id) else: # User denied the auth elif isinstance(package, SessionEndRequest): # The package will have the user hash, so use it to log the user out based on however you are handling it logout_user_from_my_app(package.service_user_hash)
python setup.py test
git checkout -b my-new-feature)
git commit -am 'Add some feature')
git push origin my-new-feature)