You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

globus-identity-mapping

Package Overview
Dependencies
Maintainers
3
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

globus-identity-mapping

0.4.0
pipPyPI
Maintainers
3

Globus Identity Mapper

The Globus Identity Mapper Python library provides two mapping classes that implement configurable hooks for mapping a Globus Auth Identity resource to an application- or context-specific username:

  • ExpressionIdentityMapping
  • ExternalIdentityMapping

Additionally, the library offers a protocol for implementing custom identity mapper logic:

  • IdentityMappingProtocol

Most consumers of this library will make use of a mapping configuration document, the .from_mapping_document() method to instantiate the appropriate class, and then call .map_identity() or .map_identities() thereafter. This enables administrators to dynamically specify their desired mapping configuration without having to resort to typing Python code. For example, a simple mapping configuration to use the ExpressionIdentityMapping logic to follow the rules as documented at Globus Connect Server, Identity Mapping might be:

{
  "DATA_TYPE": "expression_identity_mapping#1.0.0",
  "mappings": [
    {
      "source": "{email}", "match": "(.*)@example\\.org", "output": "{0}"
    }
  ]
}

A hard-coded class instantiation might look like:

>>> import json
>>> from globus_identity_mapping import ExpressionIdentityMapping
>>> fdata = open("example_configuration.json").read()
>>> mapping_document = json.loads(fdata)
>>> connector_id = "..."  # see the Identity Mapping Guide, linked above
>>> storage_gateway = "application-specific-identifier"
>>> mapper = ExpressionIdentityMapping.from_mapping_document(
...   mapping_document, storage_gateway=storage_gateway, connector_id=connector_id
... )

Thereafter, the mapper may be used to find a context-aware username by mapping the source field of email from a Globus Auth Identity record via the regular expression logic. (In the above example, the hostname is stripped to determine the application-specific username.) Example:

>>> gair = {"id": "...", "sub": "...", "email": "billy@example.org", "name": "..."}
>>> mapper.map_identity(gair)
'billy'

For more serious library usage, implements may want to look at globus_identity_mapping.loader.load_mappers

Development

The high level bits:

  • uses Poetry (pyproject.toml)
  • uses tox
    • tox - enough to run all tests
    • tox -e mypy to run mypy
  • Reminder to install pre-commit at your first checkout: pre-commit --install

FAQs

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

npm Adopts OIDC for Trusted Publishing in CI/CD Workflows

Security News

npm Adopts OIDC for Trusted Publishing in CI/CD Workflows

npm now supports Trusted Publishing with OIDC, enabling secure package publishing directly from CI/CD workflows without relying on long-lived tokens.

By Sarah Gooding  -  Aug 08, 2025
60 Malicious Ruby Gems Used in Targeted Credential Theft Campaign

Research

/

Security News

60 Malicious Ruby Gems Used in Targeted Credential Theft Campaign

A RubyGems malware campaign used 60 malicious packages posing as automation tools to steal credentials from social media and marketing tool users.

By Kirill Boychenko  -  Aug 07, 2025
SocketSocket SOC 2 Logo

Product

About

Packages

Explore npm
Explore Cargo
Explore Go
Explore Maven
Explore NuGet
Explore PyPI
Explore Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc

U.S. Patent No. 12,346,443 & 12,314,394. Other pending.