You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The SDK contains three helper functions that will *return* an instantiated credential provider of the specified type. When leveraging these functions, ensure you have the required extra dependencies installed.
75
75
76
+
When using ``load_from_keychain``, **you must provide the identity keyword argument** required by the specified provider:
77
+
78
+
- ``username=`` for ``UserCredentialsProvider``
79
+
- ``client_id=`` for ``ApiClientCredentialsProvider``
80
+
76
81
Prompting for Credentials
77
82
^^^^^^^^^^^^^^^^^^^^^^^^^
78
83
@@ -93,7 +98,11 @@ Loading from AWS Secrets Manager
93
98
94
99
.. important::
95
100
96
-
The ``aws`` dependency is required for this function and can be installed with ``% python3 -m pip install 'jamf-pro-sdk[aws]'``.
101
+
The ``aws`` dependency is required for this function and can be installed via:
102
+
103
+
.. code-block:: console
104
+
105
+
% python3 -m pip install 'jamf-pro-sdk[aws]'
97
106
98
107
The ``SecretString`` is expected to be a JSON string in the following format:
99
108
@@ -127,11 +136,38 @@ Loading from Keychain
127
136
128
137
.. important::
129
138
130
-
This utility requires the ``keyring`` extra dependency, which can be installed via ``% python3 -m pip install 'jamf-pro-sdk[macOS]'``.
139
+
This utility requires the ``keyring`` extra dependency, which can be installed via:
140
+
141
+
.. code-block:: console
142
+
143
+
% python3 -m pip install 'jamf-pro-sdk[macOS]'
131
144
132
-
When using :class:`~jamf_pro_sdk.clients.auth.ApiClientCredentialsProvider`, the SDK expects the client ID and client secret to be stored using the format ``CLIENT_ID`` and ``CLIENT_SECRET`` respectively. For :class:`~jamf_pro_sdk.clients.auth.UserCredentialsProvider`, you will be prompted for a username.
145
+
When using :class:`~jamf_pro_sdk.clients.auth.ApiClientCredentialsProvider`, the SDK expects:
133
146
134
-
Additionally, the :ref:`server scheme <server_scheme>` does not need to be passed to the ``server`` argument, as the SDK handles this for you.
147
+
- The API **client ID** to be stored in the keychain under your Jamf Pro server name (as the *service_name*) with the client ID as the *username*, and its associated secret as the *password*.
148
+
149
+
.. image:: ../_static/api-keychain.png
150
+
:alt:Example macOS Keychain entry for API credentials (client_id)
151
+
:align:center
152
+
:width:400px
153
+
154
+
When using :class:`~jamf_pro_sdk.clients.auth.UserCredentialsProvider`, the SDK expects:
155
+
156
+
- A **username** to be passed, and the password to be retrieved from the keychain under the same server name and username.
157
+
158
+
.. image:: ../_static/user-keychain.png
159
+
:alt:Example keychain entry for User credentials
160
+
:align:center
161
+
:width:400px
162
+
163
+
.. note::
164
+
165
+
The ``server`` argument should not include the :ref:`scheme <server_scheme>`. The SDK normalizes this internally.
166
+
167
+
Use the appropriate keyword argument depending on the credential provider class:
168
+
169
+
- Use ``client_id=`` when using :class:`~jamf_pro_sdk.clients.auth.ApiClientCredentialsProvider`.
170
+
- Use ``username=`` when using :class:`~jamf_pro_sdk.clients.auth.UserCredentialsProvider`.
You can manage entries using the **Keychain Access** app on macOS. See: `Apple's Keychain User Guide <https://support.apple.com/guide/keychain-access/welcome/mac>`_.
0 commit comments