Utilities
Helper functions for common OAuth operations.
get_sva_claims()
Location: sva_oauth_client.utils.get_sva_claims
Purpose: The primary method for accessing user identity data. Retrieves and decodes SVA claims from the cryptographically signed data_token stored in the session.
Signature
def get_sva_claims(request: HttpRequest) -> Dict[str, Any] | None
Parameters
request: DjangoHttpRequestobject (must have session attribute)
Returns
Dict[str, Any]: Dictionary containing all identity claims (blocks), orNoneif no data_token is present
Raises
SVATokenError: If the data_token is invalid, expired, or has a bad signature
Usage
from sva_oauth_client.utils import get_sva_claims
from sva_oauth_client.client import SVATokenError
@sva_oauth_required
def my_view(request):
try:
claims = get_sva_claims(request)
if claims:
email = claims.get('email')
name = claims.get('name')
phone = claims.get('phone')
except SVATokenError:
# Token expired or invalid
return redirect('sva_oauth_client:login')
Claims Dictionary Structure
{
'email': '[email protected]',
'name': 'John Doe',
'username': 'johndoe',
'phone': '+1234567890',
'address': {
'street': '123 Main St',
'city': 'New York',
'zip': '10001'
},
'social': {
'twitter': '@johndoe',
'github': 'johndoe'
},
# ... other approved identity blocks
}
Important Notes
- This function is stateless - it decodes the JWT directly from the session
- No API call to
/userinfois made - all data comes from the signed token - The token signature and expiration are automatically verified
- If the token is invalid or expired,
SVATokenErroris raised
is_authenticated()
Location: sva_oauth_client.utils.is_authenticated
Purpose: Check if a user is authenticated with SVA OAuth by verifying the presence of an access token.
Signature
def is_authenticated(session: SessionStore) -> bool
Parameters
session: Django session object
Returns
bool:Trueif authenticated,Falseotherwise
Usage
from sva_oauth_client.utils import is_authenticated
def my_view(request):
if is_authenticated(request.session):
# User is logged in
return render(request, 'dashboard.html')
else:
# User is not logged in
return render(request, 'login.html')
Template Usage
# In your view
context = {'is_authenticated': is_authenticated(request.session)}
{% if is_authenticated %}
<a href="{% url 'sva_oauth_client:logout' %}">Logout</a>
{% else %}
<a href="{% url 'sva_oauth_client:login' %}">Login</a>
{% endif %}
get_access_token()
Location: sva_oauth_client.utils.get_access_token
Purpose: Get the access token from session.
Signature
def get_access_token(session: SessionStore) -> str | None
Returns
str | None: Access token string, orNoneif not present
Usage
from sva_oauth_client.utils import get_access_token
access_token = get_access_token(request.session)
if access_token:
# Use access token for API calls
pass
get_data_token()
Location: sva_oauth_client.utils.get_data_token
Purpose: Get the raw data_token string from session.
Signature
def get_data_token(session: SessionStore) -> str | None
Returns
str | None: Data token JWT string, orNoneif not present
Usage
from sva_oauth_client.utils import get_data_token
data_token = get_data_token(request.session)
if data_token:
# Decode manually if needed
from sva_oauth_client.client import get_client_from_settings
client = get_client_from_settings()
decoded = client.decode_data_token(data_token)
clear_oauth_session()
Location: sva_oauth_client.utils.clear_oauth_session
Purpose: Clear all OAuth-related data from session.
Signature
def clear_oauth_session(session: SessionStore) -> None
Usage
from sva_oauth_client.utils import clear_oauth_session
from django.shortcuts import redirect
def custom_logout(request):
clear_oauth_session(request.session)
return redirect('/')
Cleared Keys
The function clears the following session keys:
sva_oauth_access_tokensva_oauth_refresh_tokensva_oauth_data_tokensva_oauth_scopesva_access_token_expirysva_remember_me
get_client_from_settings()
Location: sva_oauth_client.client.get_client_from_settings
Purpose: Get a configured SVAOAuthClient instance from Django settings.
Signature
def get_client_from_settings() -> SVAOAuthClient
Returns
SVAOAuthClient: Configured client instance
Usage
from sva_oauth_client.client import get_client_from_settings
client = get_client_from_settings()
auth_url, code_verifier = client.get_authorization_url()
Required Settings
The function reads these settings:
SVA_OAUTH_BASE_URLSVA_OAUTH_CLIENT_IDSVA_OAUTH_CLIENT_SECRETSVA_OAUTH_REDIRECT_URISVA_DATA_TOKEN_SECRETSVA_DATA_TOKEN_ALGORITHM(optional)SVA_OAUTH_SCOPES(optional)
Complete Example
from sva_oauth_client.decorators import sva_oauth_required
from sva_oauth_client.utils import (
get_sva_claims,
is_authenticated,
get_access_token,
clear_oauth_session,
)
from sva_oauth_client.client import SVATokenError
def home_view(request):
"""Home page with login/logout"""
context = {
'is_authenticated': is_authenticated(request.session),
}
return render(request, 'home.html', context)
@sva_oauth_required
def dashboard_view(request):
"""Protected dashboard"""
try:
claims = get_sva_claims(request)
access_token = get_access_token(request.session)
context = {
'email': claims.get('email'),
'name': claims.get('name'),
'has_access_token': access_token is not None,
}
return render(request, 'dashboard.html', context)
except SVATokenError:
clear_oauth_session(request.session)
return redirect('sva_oauth_client:login')
def logout_view(request):
"""Custom logout"""
clear_oauth_session(request.session)
return redirect('/')
Next Steps
- Learn about Decorators for view protection
- Explore Middleware for automatic token refresh
- Check Client API for manual OAuth operations