domain.enums.credential_type¶
Authentication mechanism types for provider credentials.
Defines the type of credential stored, used by infrastructure layer to route to the correct credential handler for encryption/decryption and token refresh operations.
The domain layer treats credentials as opaque blobs - this enum provides a hint to infrastructure about how to process them.
Reference
- docs/architecture/provider-domain-model.md
Usage
from src.domain.enums import CredentialType
credentials = ProviderCredentials( encrypted_data=encrypted_blob, credential_type=CredentialType.OAUTH2, expires_at=expires_at, )
Classes¶
Bases: str, Enum
Authentication mechanism type for provider credentials.
Used by infrastructure layer to determine how to: - Encrypt/decrypt credential data - Refresh expiring credentials - Validate credential format
The domain layer is authentication-agnostic - it only stores this type as a routing hint for infrastructure.
String Enum
Inherits from str for easy serialization and database storage. Values are lowercase for consistency.
Source code in src/domain/enums/credential_type.py
26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 | |
Attributes¶
class-attribute
instance-attribute
¶
OAuth 2.0 authentication.
Used by most brokerages (Schwab, Fidelity, etc.).
Credential data typically includes
- access_token
- refresh_token
- token_type
- expires_in
- scope
class-attribute
instance-attribute
¶
Simple API key authentication.
Used by some data providers with static credentials.
Credential data typically includes
- api_key
- api_secret (optional)
class-attribute
instance-attribute
¶
Aggregator-style link tokens.
Used by aggregators that use a linking flow (e.g., third-party data aggregation services).
Credential data typically includes
- access_token
- item_id
- institution_id
class-attribute
instance-attribute
¶
mTLS certificate-based authentication.
Used by providers requiring mutual TLS.
Credential data typically includes
- client_certificate
- private_key
- certificate_chain
class-attribute
instance-attribute
¶
File-based data import (no live authentication).
Used by providers that import data from downloaded files (QFX, OFX, CSV) rather than API calls.
Credential data typically includes
- file_content: Raw file bytes
- file_format: Format identifier (qfx, ofx, csv)
- file_name: Original filename for logging/debugging
No expiration - credentials represent parsed file data.
class-attribute
instance-attribute
¶
Provider-specific custom authentication.
Fallback for providers with unique auth mechanisms. Infrastructure must handle on a per-provider basis.
Functions¶
classmethod
¶
Get all credential type values as strings.
Returns:
| Type | Description |
|---|---|
list[str]
|
list[str]: List of credential type values. |
classmethod
¶
Check if a string is a valid credential type.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
value
|
str
|
String to check. |
required |
Returns:
| Name | Type | Description |
|---|---|---|
bool |
bool
|
True if value is a valid credential type. |
Source code in src/domain/enums/credential_type.py
classmethod
¶
Get credential types that support automatic refresh.
Returns:
| Type | Description |
|---|---|
list[CredentialType]
|
list[CredentialType]: Types with refresh capability. |
Source code in src/domain/enums/credential_type.py
classmethod
¶
Get credential types that typically don't expire.
Returns:
| Type | Description |
|---|---|
list[CredentialType]
|
list[CredentialType]: Types without expiration. |