Python
Installation
Python 3
pip3 install authsignal
Initialization
import authsignal.client
authsignal_client = authsignal.Client(api_key='YOUR_SECRET_KEY')
You can find your client or tenant ID in the Authsignal Portal.
You must specify the correct base URL for your tenant's region.
| Region | Base URL |
|---|---|
| US (Oregon) | https://api.authsignal.com/v1 |
| AU (Sydney) | https://au.api.authsignal.com/v1 |
| EU (Dublin) | https://eu.api.authsignal.com/v1 |
For example, to set the base URL to use our AU region:
import authsignal.client
authsignal_client = authsignal.Client(api_key='YOUR_SECRET_KEY', api_url='https://au.api.authsignal.com/v1')
track
track lets you record actions performed by users and initiate challenges.
import authsignal.client
result = authsignal_client.track(
user_id="1234",
action="withdrawal",
payload={
"redirectUrl": "https://example.com/finalize-withdrawal"
}
)
match result["state"]
case authsignal.client.ALLOW:
# Carry on with your operation/business logic
case authsignal.client.BLOCK:
# Stop your operations
case authsignal.client.CHALLENGE_REQUIRED:
# Step up authentication required, redirect or pass the challenge_url to the front end
response["challenge_url"]
Arguments
Refer to the Server API's Track action request object.
Returns
Refer to the Server API's Track action response object.
validate_challenge
validate_challenge lets you validate the result of a challenge using the token which is obtained after a redirect (if using the pre-built UI) or returned by a client SDK (if using an embedded flow).
result = authsignal_client.validate_challenge(
token=token,
)
When performing MFA for a user who has already been authenticated by a primary factor (e.g. username & password), it's important to check the token belongs to that user. The validateChallenge method will do this check if you pass both the token and the userId.
Arguments
| Name | Type | Description |
|---|---|---|
token | string | The token obtained after a redirect (if using the pre-built UI) or returned by a client SDK (if using an embedded flow). |
user_id | string | (Optional) The ID of the user. Only pass this if doing step-up auth on an existing user session (i.e. not for login). |
Returns
| Name | Type | Description |
|---|---|---|
success | bool | True if the challenge was completed successfully. |
state | dictionary | The state of the action associated with the challenge. Possible values are CHALLENGE_REQUIRED, CHALLENGE_SUCCEEDED, CHALLENGE_FAILED, ALLOW, or BLOCK. |
user_id | string | The ID of the user. |
get_user
get_user retrieves a user and their MFA enrollment status.
result = authsignal_client.get_user(user_id="usr_123")
is_enrolled = result["is_enrolled"]
Arguments
Refer to the Server API's Retrieve user request object.
Returns
Refer to the Server API's Retrieve user response object.
get_action
get_action lets you determine the result of a challenge after the user has been redirected back from the Authsignal pre-built UI (or after the popup has been closed, if showing the page in a modal).
result = authsignal_client.get_action(
user_id="1234",
action="signIn",
idempotency_key="0ae73782-d8c1-49bc-be75-09612a3b9d1c",
)
if result["state"] == "CHALLENGE_SUCCEEDED":
print("Proceed with business logic")
# The user has successfully completed the challenge, and you should proceed with
# the business logic
Arguments
Refer to the Server API's Get action status request object.
Returns
Refer to the Server API's Get action status response object.
enroll_verified_authenticator
enroll_verified_authenticator can be used to enroll an authenticator on behalf of a user if it has already been verified.
authsignal_client.enroll_verified_authenticator(
user_id="1234",
authenticator_payload={"oobChannel": "SMS", "phoneNumber": " 64277770770"},
)
Arguments
Refer to the Server API's Enroll verified authenticator request object.
Returns
Refer to the Server API's Enroll verified authenticator response object.