Skip to main content

Asyncio wrapper for verify_token method in google-auth library for backend usage

Project description

aiohttp_google_auth_backend

The Google Authentication Library for python, google-auth, provides verify_token (and verify_oauth2_token) methods, which can be used by backend servers to verify the token provided by the web/mobile application and return decoded profile fields. However, python google-auth does not yet provide the support for asyncio.

The aiohttp_google_auth_backend library provides async wrapper for these methods.

How to use it

aiohttp_google_auth_backend package provides JSAioGoogleTokenVerifier class to asynchronously handle the token verification.

The library uses the asynchronous task to fetch and cache the GOOGLE OAUTH2 Certificates in the background using aiohttp Client API.

  • Create an instance of JSAioGoogleTokenVerifier, along with the aiohttp web application instance, during the startup.
  • Register on_startup method of the instance with on_startup of web application to fetch the certificates for first rime and then start the background thread to re-fetch the certificates.
  • Register on_cleanup method of the instance with on_cleanup of web application to cancel the background thread when the process is being stopped.
  • Constructor for the JSAioGoogleTokenVerifier class provides following parameters to customize re-fetching of certificates.
    • By default, library uses the "Expires" header to identify when the certificates need to be re-fetched.
      • The ok_renew_interval parameter can be used to specify interval to re-fetch certificates (e.g. every hour).
    • If the library fails to fetch the certificates, it will repeatedly try to re-fetch certificates until successful.
      • Library starts with initial delay of min_error_renew_interval (default: 1 second) and exponentially backoff the interval for each sub-sequent fetch till the delay reaches max_error_renew_interval.
    • Token fields to be returned are identified by parameter profile_fields (default: email)

Following code sample assume that token to be verified is passed as parameter idtoken.

from aiohttp import web
from aiohttp_google_auth_backend import JSAioGoogleTokenVerifier

SAMPLE_GOOGLE_CLIENT_ID = "YOUR GOOGLE APPID"


async def handleLogin(request):
    data = await request.json()
    status, res = await request.app['verifyGoogleToken'].verify_token(data["idtoken"], SAMPLE_GOOGLE_CLIENT_ID)
    if status == 200:
        return web.json_response(res, status=status)
    else:
        return web.json_response(dict( error=str(res['error'])), status=status)


async def app_startup(app):
    app['JSAioGoogleTokenVerifier'] = JSAioGoogleTokenVerifier()
    await app['JSAioGoogleTokenVerifier'].on_startup()


async def app_cleanup(app):
    await app['JSAioGoogleTokenVerifier'].on_cleanup()


def app_run():
    app = web.Application()
    app.on_startup.append(app_startup)
    app.on_cleanup.append(app_cleanup)
    app.add_routes([web.post('/login', handleLogin)])
    web.run_app(app)


if __name__ == '__main__':
    app_run()

Project details


Release history Release notifications

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for aiohttp-google-auth-backend, version 0.5.1
Filename, size File type Python version Upload date Hashes
Filename, size aiohttp_google_auth_backend-0.5.1-py3-none-any.whl (16.5 kB) File type Wheel Python version py3 Upload date Hashes View
Filename, size aiohttp_google_auth_backend-0.5.1.tar.gz (4.7 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page