Skip to main content

Authentication

The Lightwheel SDK provides robust authentication management with automatic token caching and refresh capabilities.

Client Login

Using Login Manager

from lightwheel_sdk.loader import login_manager

# Login
login_manager.login(username="your_username", password="your_password")

Force Fresh Login

To override cached credentials and force a new login:

from lightwheel_sdk.loader import login_manager

login_manager.login(force_login=True, username="your_username", password="your_password")

Environment-based Authentication

Set credentials via environment variables to avoid hardcoding:

export LoaderUserName="your_username"
export LoaderToken="your_access_token"
# Client will automatically use environment credentials
client = LightwheelClient(host="https://api.lightwheel.net")
# Already authenticated via environment variables

Credential Caching

The SDK automatically caches your authentication credentials to avoid repeated logins.

Cache Location

Credentials are stored at:

~/.cache/lightwheel_sdk/login/account.json

Cache Format

{
    "username": "your_username",
    "token": "access_token",
    "refreshToken": "refresh_token"
}

Token Refresh

The SDK automatically refreshes expired tokens:

# Make API call with expired token
response = client.post("/api/endpoint", data={})
# SDK automatically:
# 1. Detects 401 Unauthorized response
# 2. Refreshes the token using refresh token
# 3. Retries the request with new token

Logout

Clear cached credentials and authentication headers:

# Using client
client.logout()

# Using login manager
from lightwheel_sdk.loader import login_manager
login_manager.logout()

This removes the cache file and clears authentication headers.

Interactive Login

The SDK supports interactive credential input:

# Login without providing credentials
client.login()
# Prompts:
# username: [enter username]
# password: [enter password]

Authentication Flow

  1. Check Cache: Look for cached credentials
  2. Environment Variables: Check LoaderUserName and LoaderToken
  3. Prompt User: If no credentials found, prompt interactively
  4. API Call: Send credentials to /api/authenticate/v1/user/login
  5. Cache Token: Store access and refresh tokens
  6. Set Headers: Update Authorization and UserName headers

Security Best Practices

  1. Never commit credentials: Don't hardcode credentials in code
  2. Use environment variables: Set credentials via environment
  3. Protect cache file: Ensure ~/.cache/lightwheel_sdk/ has appropriate permissions