AuthenticationManager
Centralized authentication handler for the Norman SDK. This manager handles API-key–based authentication, token refresh, and storage of identity metadata such as the authenticated user's account_id.
The manager maintains secure references to access tokens and ID tokens, automatically refreshes expired credentials, and exposes helper methods used throughout the SDK for authenticated operations.
Authentication follows this sequence:
1. User provides an API key via set_api_key()
2. The manager performs an API-key login using the Authenticate service
3. Access and ID tokens are stored as Sensitive[str]
4. Tokens are automatically refreshed when expired
Methods
access_token property
Retrieve the currently stored access token.
Returns
Sensitive[str] The active access token.
Raises
ValueError If no token has been obtained yet (user not logged in).
account_id property
Retrieve the authenticated user's account ID.
Returns
str | None Account ID if logged in, otherwise None.
access_token_expired()
Determine whether the current access token is expired.
Token expiration is computed by decoding the JWT without signature verification (signature verification will be added once JWKS support is enabled).
Returns
bool True if the access token is missing or expired; otherwise False.
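An expiry check of the kind described above, written as an added example (not the Norman SDK's own code): it reads the exp claim from the JWT payload without verifying the signature, so the result is only a hint for when to refresh, never a trust decision, and anything unreadable is treated as expired. The function names, the plain-str token argument, and the 30-second leeway are assumptions of this example.

```python
import base64
import json
import time


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def unverified_exp(token):
    """Return the 'exp' claim (epoch seconds), or None if it cannot be read.

    The signature is NOT checked: use the value to schedule a refresh only.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    # bool is a subclass of int, so reject it explicitly.
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return None
    return exp


def token_expired(token, now=None, leeway=30):
    """True if the token is missing, unreadable, or within `leeway` seconds of expiry."""
    if not token:
        return True
    exp = unverified_exp(token)
    if exp is None:
        return True  # fail closed: force a fresh login rather than guess
    now = time.time() if now is None else now
    return now >= exp - leeway


def make_sample_token(exp):
    # Constructed sample input: a JWT-shaped string with a dummy signature segment.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc({'sub': 'acct-123', 'exp': exp})}.c2ln"
```

Because the claim is unverified, a tampered exp can at worst delay a client-side refresh; the server still rejects the token on its own checks.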
invalidate_access_token() async
Coroutine
Ensure that the current access token is valid. If the token is expired or missing, this method will automatically trigger a fresh login using the stored API key.
Returns
None
set_api_key(api_key)
Store the API key that will be used to authenticate the user.
Parameters
api_key (str) The API key issued to the user.
signup_and_generate_key(username) async staticmethod
Coroutine
Register a new account and generate an API key for the user.
This static method exists because signup does not require an existing authenticated session.
Parameters
username (str) Name to associate with the new account.
Returns
SignupKeyResponse Contains the generated API key and signup metadata.