Skip to main content

Simple way to add token auth level in your aiohttp app

Project description

aiohttp-tokenauth

Aiohttp simple token auth middleware that can check any token that assign to user or group of users in database or some another place.

Installation

pip install aiohttp_tokenauth

Documentation

Basic usage

First of all, let's create a simple app.

# Full text in example/simple_app.py
from aiohttp import web
from aiohttp_tokenauth import token_auth_middleware


async def example_resource(request):
    return web.json_response(request['user'])


async def init():

    async def user_loader(token: str):
        """Checks that token is valid

        It's the callback that will get the token from "Authorization" header.
        It can check that token is exist in a database or some another place.

        Args:
            token (str): A token from "Authorization" http header.

        Returns:
            Dict or something else. If the callback returns None then
            the aiohttp.web.HTTPForbidden will be raised.
        """
        user = None
        if token == 'fake-token':
            user = {'uuid': 'fake-uuid'}
        return user

    app = web.Application(middlewares=[token_auth_middleware(user_loader)])
    app.router.add_get('/', example_resource)
    return app


if __name__ == '__main__':
    web.run_app(init())

Then, run the aiohttp app.

$ python example/simple_app.py
======== Running on http://0.0.0.0:8080 ========
(Press CTRL+C to quit)

Now try to get access to url with token in "Authorization" header.

$ curl -H 'Authorization: Bearer fake-token' http://0.0.0.0:8080
{"uuid": "fake-uuid"}

And result without token.

$ curl http://0.0.0.0:8080
401: Missing authorization header

Ignoring routes and http methods

You can ignore specific routes, app the paths to "exclude_routes".

app = web.Application(middlewares=[
    token_auth_middleware(
        user_loader=user_loader,
        # You can use regular expressions here
        exclude_routes=('/exclude', r'/exclude/\w+/info'),
        exclude_methods=('POST',),
    ),
])

Change auth scheme

For changing the scheme (prefix in "Authorization" header) use auth_scheme argument.

app = web.Application(middlewares=[
    token_auth_middleware(
        user_loader=user_loader,
        auth_scheme='Token',
    ),
])

Now such request is valid:

$ curl -H 'Authorization: Token fake-token' http://0.0.0.0:8080
{"uuid": "fake-uuid"}

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for aiohttp-tokenauth, version 0.0.2
Filename, size File type Python version Upload date Hashes
Filename, size aiohttp_tokenauth-0.0.2-py3-none-any.whl (16.3 kB) File type Wheel Python version py3 Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring DigiCert DigiCert EV certificate Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page