更新时间:2026-04-30 GMT+08:00
Identity SDK
场景介绍
Identity SDK提供华为云身份认证服务的管理能力,支持工作负载身份、凭证提供者、访问令牌等管理功能。
原理优势
IdentityClient是身份认证服务的高级客户端。
文件位置:src/agentarts/sdk/services/identity/identity_client.py
from agentarts.sdk.services.identity import IdentityClient

# Build the high-level identity client for a single region.
# NOTE(review): no credentials are passed to the constructor here; presumably
# the client resolves the caller's cloud credentials from the environment or
# from configuration. Confirm where they come from before deploying.
client = IdentityClient(region="cn-southwest-2")
操作步骤
- 创建工作负载身份
# Register a workload identity; the returned object exposes `id` and `urn`.
workload = client.create_workload_identity(
    name="my-workload",
    description="我的工作负载"
)
print(f"Workload ID: {workload.id}")
print(f"URN: {workload.urn}")
- 创建访问令牌
# 使用用户Token创建 token = client.create_workload_access_token( workload_name="my-workload", user_token="user-oauth-token" ) # 使用用户ID创建 token = client.create_workload_access_token_for_user_id( workload_name="my-workload", user_id="user-123" ) print(f"Access Token: {token.access_token}") print(f"Expires At: {token.expires_at}") - 配置凭证提供者管理。
- API Key凭证提供者
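import os

# Read the API key from the environment instead of writing it into source.
# os.environ[...] raises KeyError when the variable is unset, so a missing key
# stops here rather than registering a placeholder value.
# UPSTREAM_API_KEY is a variable name constructed for this example.
provider = client.create_api_key_credential_provider(
    name="my-api-key-provider",
    api_key=os.environ["UPSTREAM_API_KEY"]
)
print(f"Provider ID: {provider.id}")
- OAuth2凭证提供者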
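import os

# Each OAuth2 client secret is read from the environment so that it never
# lands in source control; a missing variable raises KeyError instead of
# registering a placeholder. The variable names are constructed for this
# example. The client ID is not a secret and stays inline.

# GitHub OAuth2
provider = client.create_oauth2_credential_provider(
    name="github-provider",
    vendor="github",
    client_id="your-client-id",
    client_secret=os.environ["GITHUB_OAUTH_CLIENT_SECRET"]
)

# Google OAuth2
provider = client.create_oauth2_credential_provider(
    name="google-provider",
    vendor="google",
    client_id="your-client-id",
    client_secret=os.environ["GOOGLE_OAUTH_CLIENT_SECRET"]
)

# Microsoft OAuth2
provider = client.create_oauth2_credential_provider(
    name="microsoft-provider",
    vendor="microsoft",
    client_id="your-client-id",
    client_secret=os.environ["MICROSOFT_OAUTH_CLIENT_SECRET"]
)
- STS凭证提供者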
# Register an STS credential provider bound to an agency URN and tagged
# env=prod.
# NOTE(review): credentials later obtained through this provider presumably
# carry the permissions of the agency named here, so that agency should be
# granted only what the workload needs. Confirm against the agency's policy.
provider = client.create_sts_credential_provider(
    name="my-sts-provider",
    agency_urn="agency-urn:your-agency",
    tags=[{"key": "env", "value": "prod"}]
)
- API Key凭证提供者
- 使用客户端进行凭证获取。
- 获取OAuth2 Token
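# Ask the "github-provider" provider for an OAuth2 token limited to the
# listed scopes; request only the scopes the workload actually uses.
token = client.get_resource_oauth2_token(
    provider_name="github-provider",
    scopes=["user:email", "read:user"],
    agent_identity_token="agent-identity-token"
)
# token.access_token is a bearer credential: use it in the outgoing request
# and do not write it to stdout or logs.
print("OAuth2 token retrieved")
- 获取API Key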
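# Fetch the API key stored under "my-api-key-provider", authorised by the
# workload access token.
api_key = client.get_resource_api_key(
    provider_name="my-api-key-provider",
    workload_access_token="workload-token"
)
# api_key.key holds the secret itself: pass it to the client that needs it
# and do not write it to stdout or logs.
print("API key retrieved")
- 获取STS Token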
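# Obtain STS credentials through "my-sts-provider" under the given session
# name, authorised by the workload access token.
sts_token = client.get_resource_sts_token(
    provider_name="my-sts-provider",
    workload_access_token="workload-token",
    agency_session_name="session-name"
)
# sts_token.access_key, sts_token.secret_key and sts_token.security_token
# together form a usable credential: hand them to the cloud client directly
# and do not write them to stdout or logs.
print("STS credentials retrieved")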
- 获取OAuth2 Token
- 推荐使用装饰器来处理凭证生命周期。装饰器会自动将令牌或密钥注入到函数参数中。
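from typing import Optional

from agentarts.sdk import require_access_token, require_api_key, require_sts_token
from agentarts.sdk.identity.types import StsCredentials


# OAuth2 access token injection (async)
@require_access_token(
    provider_name="google",
    scopes=["https://www.googleapis.com/auth/userinfo.email"],
    auth_flow="USER_FEDERATION"
)
async def fetch_google_data(access_token: Optional[str] = None):
    """Run with an OAuth2 token from the USER_FEDERATION flow injected as ``access_token``."""
    # Report only whether a token arrived; the token is a bearer credential
    # and must not reach stdout or logs.
    print(f"OAuth2 token injected: {access_token is not None}")


# M2M access token injection (async)
@require_access_token(
    provider_name="my-company-api",
    auth_flow="M2M"
)
async def call_internal_service(access_token: Optional[str] = None):
    """Run with an OAuth2 token from the M2M flow injected as ``access_token``."""
    print(f"M2M OAuth2 token injected: {access_token is not None}")


# API key injection (sync)
@require_api_key(provider_name="openai")
def call_llm(api_key: Optional[str] = None):
    """Run with the provider's API key injected as ``api_key``."""
    print(f"API key injected: {api_key is not None}")


# STS token injection
@require_sts_token(provider_name="huaweicloud-iam", agency_session_name="example-session")
async def access_huawei_resource(sts_credentials: Optional[StsCredentials] = None):
    """Run with STS credentials injected as ``sts_credentials``."""
    # The injected object exposes access_key_id, secret_access_key and
    # security_token. Read them where the cloud client is built; do not print
    # them. The parameter defaults to None, so check it before reading fields.
    # NOTE(review): the client.get_resource_sts_token example on this page
    # reads access_key / secret_key instead; confirm which names each type uses.
    print(f"STS credentials injected: {sts_credentials is not None}")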