User.get - Python API

Both regular and super-users can access information about their own accounts using self.sso.user.get_current_user, which accepts current session's UST on input. Further, super-users may query for other users by the latter's ID with self.sso.user.get_user_by_id.

On out, a zato.sso.User object is returned which describes a given user with a range of attributes. Further, the object's .to_dict() method will serialize all the data to a Python dictionary.

Passwords are never returned regardless of user type.


get_current_user(self, cid, current_ust, current_app, remote_addr)

  • cid: Correlation ID used by audit log
  • current_ust: Current user's UST
  • current_app: Name of application the current user is issuing the call from
  • remote_addr: User's remote address
  • Returns: A zato.sso.User object with attributes out of which only user_id and username are guaranteed to always exist. The rest is optional and additionally, some of attributes are set to meaningful values, if they exist at all, only if current user is a super-user.

Accessible no matter the user type is:

  • user_id
  • username
  • email
  • display_name
  • first_name
  • middle_name
  • last_name
  • is_totp_enabled
  • totp_key
  • totp_label

Accessible to super-users only:

  • is_active
  • is_internal
  • is_super_user
  • is_locked
  • is_approval_needed
  • approval_status
  • approval_status_mod_by
  • approval_status_mod_time
  • locked_time
  • creation_ctx
  • locked_by
  • approv_rej_time
  • approv_rej_by
  • password_expiry
  • password_is_set
  • password_must_change
  • password_last_set
  • sign_up_status
  • sign_up_time
# -*- coding: utf-8 -*-

# Zato
from zato.server.service import Service

class GetCurrentUser(Service):

    def handle(self):

        # Data obtained from request and/or WSGI environment
        ust = 'gAAAAABalFycY50Budi...'
        current_app = 'CRM'
        remote_addr = ''

        # Get user by UST
        user_info = self.sso.user.get_current_user(self.cid, ust, current_app, remote_addr)

        # Log output for confirmation
INFO - {
  'user_id': 'zusrx2efj1q1h98n9q00tgx8scefv',
  'username': 'regular1',
  'display_name': 'John Doe',
  'email': ''


get_user_by_id(self, cid, user_id, current_ust, current_app, remote_addr)

Returns information about a user using that person's ID. Current user must be a super-user.

  • cid: Correlation ID used by audit log
  • user_id: User ID (another person or possibly current user)
  • current_ust: Current user's UST - must belong to a super-user
  • current_app: Name of application current user is issuing the call from
  • remote_addr: Current user's remote address
  • Returns: Same as in self.sso.user.get_current_user