Implement list_auth_providers

m-mohr · m-mohr · commit 499b3004aaea · 2025-11-04T15:35:51.000+01:00
diff --git a/openeo/rest/connection.py b/openeo/rest/connection.py
@@ -9,6 +9,7 @@
 import os
 import shlex
 import urllib.parse
+import uuid
 import warnings
 from collections import OrderedDict
 from pathlib import Path, PurePosixPath
@@ -211,6 +212,37 @@ def _get_refresh_token_store(self) -> RefreshTokenStore:
             self._refresh_token_store = RefreshTokenStore()
         return self._refresh_token_store
 
+    def list_auth_providers(self) -> list[dict]:
+        providers = []
+        cap = self.capabilities()
+
+        # Add OIDC providers
+        oidc_path = "/credentials/oidc"
+        if cap.supports_endpoint(oidc_path, method="GET"):
+            try:
+                data = self.get(oidc_path, expected_status=200).json()
+                if isinstance(data, dict):
+                    for provider in data.get("providers", []):
+                        provider["type"] = "oidc"
+                        providers.append(provider)
+            except OpenEoApiError:
+                pass
+
+        # Add Basic provider
+        basic_path = "/credentials/basic"
+        if cap.supports_endpoint(basic_path, method="GET"):
+            providers.append(
+                {
+                    "id": uuid.uuid4().hex,
+                    "issuer": self.build_url(basic_path),
+                    "type": "basic",
+                    "title": "HTTP Basic",
+                    "description": "HTTP Basic authentication using username and password",
+                }
+            )
+
+        return providers
+
     def authenticate_basic(self, username: Optional[str] = None, password: Optional[str] = None) -> Connection:
         """
         Authenticate a user to the backend using basic username and password.
diff --git a/tests/rest/test_connection.py b/tests/rest/test_connection.py
@@ -767,6 +767,59 @@ def test_create_connection_lazy_refresh_token_store(requests_mock):
         )
 
 
+def test_list_auth_providers(requests_mock, api_version):
+    requests_mock.get(
+        API_URL,
+        json={
+            "api_version": api_version,
+            "endpoints": [
+                {"methods": ["GET"], "path": "/credentials/basic"},
+                {"methods": ["GET"], "path": "/credentials/oidc"},
+            ],
+        },
+    )
+    requests_mock.get(
+        API_URL + "credentials/oidc",
+        json={
+            "providers": [
+                {"id": "p1", "issuer": "https://openeo.example", "title": "openEO", "scopes": ["openid"]},
+                {"id": "p2", "issuer": "https://other.example", "title": "Other", "scopes": ["openid"]},
+            ]
+        },
+    )
+
+    conn = Connection(API_URL)
+    providers = conn.list_auth_providers()
+    assert len(providers) == 3
+
+    p1 = next(filter(lambda x: x["id"] == "p1", providers), None)
+    assert isinstance(p1, dict)
+    assert p1["type"] == "oidc"
+    assert p1["issuer"] == "https://openeo.example"
+    assert p1["title"] == "openEO"
+
+    p2 = next(filter(lambda x: x["id"] == "p2", providers), None)
+    assert isinstance(p2, dict)
+    assert p2["type"] == "oidc"
+    assert p2["issuer"] == "https://other.example"
+    assert p2["title"] == "Other"
+
+    basic = next(filter(lambda x: x["type"] == "basic", providers), None)
+    assert isinstance(basic, dict)
+    assert isinstance(basic["id"], str)
+    assert len(basic["id"]) > 0
+    assert basic["issuer"] == API_URL + "credentials/basic"
+    assert basic["title"] == "Basic"
+
+
+def test_list_auth_providers_empty(requests_mock, api_version):
+    requests_mock.get(API_URL, json={"api_version": api_version, "endpoints": []})
+
+    conn = Connection(API_URL)
+    providers = conn.list_auth_providers()
+    assert len(providers) == 0
+
+
 def test_authenticate_basic_no_support(requests_mock, api_version):
     requests_mock.get(API_URL, json={"api_version": api_version, "endpoints": []})
 
