Skip to main content

Simple way to add token auth level in your aiohttp app

Project description

aiohttp-tokenauth

Aiohttp simple token auth middleware that can check any token that assign to user or group of users in database or some another place.

Installation

pip install aiohttp_tokenauth

Documentation

Basic usage

First of all, let's create a simple app.

# Full text in example/simple_app.py
from aiohttp import web
from aiohttp_tokenauth import token_auth_middleware


async def example_resource(request):
    return web.json_response(request['user'])


async def init():

    async def user_loader(token: str):
        """Checks that token is valid

        It's the callback that will get the token from "Authorization" header.
        It can check that token is exist in a database or some another place.

        Args:
            token (str): A token from "Authorization" http header.

        Returns:
            Dict or something else. If the callback returns None then
            the aiohttp.web.HTTPForbidden will be raised.
        """
        user = None
        if token == 'fake-token':
            user = {'uuid': 'fake-uuid'}
        return user

    app = web.Application(middlewares=[token_auth_middleware(user_loader)])
    app.router.add_get('/', example_resource)
    return app


if __name__ == '__main__':
    web.run_app(init())

Then, run the aiohttp app.

$ python example/simple_app.py
======== Running on http://0.0.0.0:8080 ========
(Press CTRL+C to quit)

Now try to get access to url with token in "Authorization" header.

$ curl -H 'Authorization: Bearer fake-token' http://0.0.0.0:8080
{"uuid": "fake-uuid"}

And result without token.

$ curl http://0.0.0.0:8080
401: Missing authorization header

Ignoring routes and http methods

You can ignore specific routes, app the paths to "exclude_routes".

app = web.Application(middlewares=[
    token_auth_middleware(
        user_loader=user_loader,
        # You can use regular expressions here
        exclude_routes=('/exclude', r'/exclude/\w+/info'),
        exclude_methods=('POST',),
    ),
])

Change auth scheme

For changing the scheme (prefix in "Authorization" header) use auth_scheme argument.

app = web.Application(middlewares=[
    token_auth_middleware(
        user_loader=user_loader,
        auth_scheme='Token',
    ),
])

Now such request is valid:

$ curl -H 'Authorization: Token fake-token' http://0.0.0.0:8080
{"uuid": "fake-uuid"}

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for aiohttp-tokenauth, version 0.0.2
Filename, size File type Python version Upload date Hashes
Filename, size aiohttp-tokenauth-0.0.2.tar.gz (3.5 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page