Flask SDK for Axioms
Project description
axioms-flask-py
Axioms Python client for Flask. Secure your Flask APIs using Axioms Authentication and Authorization.
Prerequisite
- Python 3.7+
- An Axioms client which can obtain access token after user's authentication and authorization and include in
Authorization
header of all API request sent to Python/Flask application server.
Install SDK
Install axioms-flask-py
in you Flask API project,
pip install axioms-flask-py
Basic usage
Add .env
file
Create a .env
file and add following configs,
AXIOMS_DOMAIN=<your-axioms-slug>.axioms.io
AXIOMS_AUDIENCE=<your-axioms-resource-identifier>
URL_LIB_SSL_IGNORE=True
Load Config
In your Flask app file (where flask app is declared) add following.
from flask_dotenv import DotEnv
env = DotEnv(app)
Register Error
In your Flask app file (where flask app is declared) add following.
from flask import jsonify
from axioms_flask.error import AxiomsError
@app.errorhandler(AxiomsError)
def handle_auth_error(ex):
response = jsonify(ex.error)
response.status_code = ex.status_code
response.headers[
"WWW-Authenticate"
] = "Bearer realm='{}', error='{}', error_description='{}'".format(
app.config["AXIOMS_DOMAIN"], ex.error["error"], ex.error["error_description"]
)
return response
Guard API Views
Use is_authenticated
along with has_required_scopes
, has_required_roles
, has_required_permissions
decorators to guard your views.
For a protected API view, is_authenticated
should be always the
first decorator. Order of decorators is important. Other decorators should
always come after is_authenticated
.
has required scopes
has_required_scopes
requires an array of strings representing the allowed scope or scopes for the view as parameter.
For instance, to check openid
or profile
pass ['profile', 'openid']
as parameter in has_required_scopes
.
from axioms_flask.decorators import is_authenticated, has_required_scopes
@private_api.route('/private', methods=["GET"])
@is_authenticated
@has_required_scopes(['openid', 'profile'])
def api_private():
return jsonify({'message': 'All good. You are authenticated!'})
Has required roles
Prerequisite: Roles should be defined and assigned to users in Axioms.
has_required_roles
requires an array of strings representing the allowed role or roles for the view as parameter. If intersection of allowed roles on the view and the roles in the token is a positive number, function will return true otherwise false.
@role_api.route("/role", methods=["GET", "POST", "PATCH", "DELETE"])
@is_authenticated
@has_required_roles(["sample:role"])
def sample_role():
return jsonify({'message': 'You have required role to create, update, read, delete!'})
Has required permissions
Prerequisite: Permissions should be defined when a resource is created and configured in Axioms (see how to add permissions on resource).
has_required_roles
requires an array of strings representing the allowed permission or permissions for the view as parameter.
For instance, to check sample:create
or sample:update
permissions you will pass ['sample:create', 'sample:update']
as parameter in has_required_roles
. If intersection of allowed roles on the view and the roles in the token is a positive number, function will return true otherwise false.
@permission_api.route("/permission", methods=["POST", "PATCH"])
@is_authenticated
@has_required_permissions(["sample:create", "sample:updated"])
def sample_create():
return jsonify({'message': 'You have required permissions to create or update!'})
Flask Sample
To learn more download our Flask sample from our Github repository. In less than 10 minutes you can deploy sample to Heroku or AWS Lambda.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for axioms_flask_py-0.0.4-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | f3c09d079520ed73b5dae34766b921b654885b45847c312f18a98df58c3fec49 |
|
MD5 | ca1ef17195a0387a8f51011a9269b02a |
|
BLAKE2b-256 | 972b51c817cf77eb4d1c86ee4c2fca48e3ec12bbe725ed6b480701021313f906 |