Support for Developer Tokens

[sserrata]

• Palo Alto Networks Cloud Python SDK version: v1.4.0
• Python version: 2.7, 2.5+
• Operating System: any

Description

Until self-service API key/token generation arrives the SDK can be extended to support Developer Tokens generated by API Explorer. These Developer Tokens can be used to request a valid Application Framework access_token which is required for authentication/authorization. The use case is as follows:

• User activates API Explorer instance in CSP
• User authorizes API Explorer to access instance
• User generates a Developer Token for the authorized instance
• User instantiates a Credentials object with a Developer Token, using either the PAN_DEVELOPER_TOKEN envar or the developer_token constructor argument.
• Upon recognizing the presence of a Developer Token, the Credentials object uses the Developer Token to authenticate with API Explorer in order to perform a token refresh().
• API Explorer responds with a valid access_token which is cached by the Credentials object.

Proposal

• Add support for PAN_DEVELOPER_TOKEN envar and developer_token constructor argument to the Credentials class.
• Maintain full, backwards compatibility support for client_id, client_secret and refresh_token.