API

This is the documentation for the Python client API for eduVPN.

Remote calls

eduvpn.remote.check_certificate(oauth, api_base_uri, common_name)
eduvpn.remote.create_config(oauth, api_base_uri, display_name, profile_id)

Create a configuration for a given profile.

Parameters:
  • oauth (requests_oauthlib.OAuth2Session) – oauth2 object
  • api_base_uri (str) – the instance base URI
  • display_name (str) –
  • profile_id (str) –
eduvpn.remote.create_keypair(oauth, api_base_uri)

Create remote keypair and return results

Parameters:
  • oauth (requests_oauthlib.OAuth2Session) – oauth2 object
  • api_base_uri (str) – the instance base URI
Returns:

certificate and key
Return type:

tuple(str, str)
eduvpn.remote.get_auth_url(oauth, code_verifier, auth_endpoint)

” generate a authorization URL.

Parameters:
  • oauth (requests_oauthlib.OAuth2Session) – oauth2 object
  • code_verifier (str) –
  • auth_endpoint (str) –
eduvpn.remote.get_instance_info(instance_uri, verifier=None)

Retrieve information from instance

Parameters:
  • instance_uri (str) – the base URI for the instance
  • verifier (nacl.signing.VerifyKey) – the verifykey used to verify the key
Returns:

api_base_uri, authorization_endpoint, token_endpoint
Return type:

tuple(str, str, str)
eduvpn.remote.get_instances(discovery_uri, verifier=None)

retrieve a list of instances.

Parameters:
  • discovery_uri (str) – the URL to parse for instances discovery
  • verifier (nacl.signing.VerifyKey) – used to verify the key
Returns:

display_name, base_uri, logo_data
Return type:

generator
eduvpn.remote.get_profile_config(oauth, api_base_uri, profile_id)

Return a profile configuration

Parameters:
  • oauth (requests_oauthlib.OAuth2Session) – oauth2 object
  • api_base_uri (str) – the instance base URI
  • profile_id (str) –
eduvpn.remote.list_profiles(oauth, api_base_uri)

List profiles on instance

Parameters:
  • oauth (requests_oauthlib.OAuth2Session) – oauth2 object
  • api_base_uri (str) – the instance base URI
Returns:

of available profiles on the instance (display_name, profile_id, two_factor)
Return type:

list
eduvpn.remote.system_messages(oauth, api_base_uri)

Return all system messages

Parameters:
  • oauth (requests_oauthlib.OAuth2Session) – oauth2 object
  • api_base_uri (str) – the instance base URI
eduvpn.remote.translate_display_name(display_name)

Translates a display_name in the current locale.

Parameters:display_name (str or dict) –
eduvpn.remote.two_factor_enroll_totp(oauth, api_base_uri, secret, key)
eduvpn.remote.two_factor_enroll_yubi(oauth, api_base_uri, yubi_key_otp)
eduvpn.remote.user_info(oauth, api_base_uri)

returns the user information

Parameters:
  • oauth (requests_oauthlib.OAuth2Session) – oauth2 object
  • api_base_uri (str) – the instance base URI
eduvpn.remote.user_messages(oauth, api_base_uri)

These are messages specific to the user. It can contain a message about the user being blocked, or other personal messages from the VPN administrator.

Parameters:
  • oauth (requests_oauthlib.OAuth2Session) – oauth2 object
  • api_base_uri (str) – the instance base URI
Returns:

a list of dicts with date_time, message, type keys
Return type:

list

eduVPN OAuth2

Crypto

eduvpn.crypto.common_name_from_cert(pem_data)

Extract common name from client certificate.

Parameters:pem_data (str) – PEM encoded certificate
Returns:the common name of the client certificate.
Return type:str
eduvpn.crypto.gen_base32(length=20)

Generate a base32 string.

eduvpn.crypto.gen_code_challenge(code_verifier)

Transform the PKCE code verifier in a code challenge.

Parameters:code_verifier (str) – a string generated with gen_code_verifier()
eduvpn.crypto.gen_code_verifier(length=128)

Generate a high entropy code verifier, used for PKCE.

Parameters:length (int) – length of the code
Returns:
Return type:str
eduvpn.crypto.make_verifier(key)

Create a NaCL verifier.

Parameters:key (str) – A verification key
Returns:a nacl verifykey object
Return type:nacl.signing.VerifyKey

eduVPN IO

Helper functions related to local IO

eduvpn.io.mkdir_p(path)

Create a folder with all its parents, like mkdir -p :param path: path of directory to create :type path: str

eduvpn.io.write_cert(content, type_, unique_name)

Write a certificate to the filesystem :param content: content of certificate file :type content: str :param type: type of certificate file :type type: str :param unique_name: description of file :type unique_name: str

Returns:full path to certificate file
Return type:str

OpenVPN

eduvpn.openvpn.format_like_ovpn(config, cert, key)

create a OVPN format config text

Parameters:
  • config (str) – an existing ovpn config
  • cert (str) –
  • key (str) –
eduvpn.openvpn.ovpn_to_nm(config, meta, display_name, username=None)

Generate a NetworkManager style config dict from a parsed ovpn config dict

Parameters:
  • config (dict) – a parsed openvpn config, typically generated by eduvpn.openvpn.parse_ovpn()
  • meta (dict) – configuration metdata
  • display_name (str) – the display name of the configuration
  • username (str) – username to use for 2-factor authentication
eduvpn.openvpn.parse_ovpn(configtext)

Parse a ovpn like config file, return it in dict

configtext (str): content of a OpenVPN like config file

Exceptions

exception eduvpn.exceptions.EduvpnAuthException

Bases: Exception

eduVPN authentication exception

exception eduvpn.exceptions.EduvpnException

Bases: Exception

base eduVPN exception