Verify JWT issued by Azure Active Directory B2C in Python.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for rodwyer from gravatar.com rodwyer

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License
  • Author: O'Dwyer Software
Classifiers
Report project as malware

Project description

azure-ad-verify-token

Verify JWT issued by Azure Active Directory B2C in Python 🐍.

Validation steps this library makes:

1. Accepts an Azure AD B2C JWT.
2. Extracts `kid` from unverified headers.
3. Finds `kid` within Azure JWKS.
4. Obtains RSA key from JWK.
5. Calls `jwt.decode` with nessary parameters, which inturn validates:

    - Signature
    - Expiration
    - Audience
    - Issuer
    - Key
    - Algorithm

License

https://creativecommons.org/licenses/by-nc-nd/4.0/

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

For commercial use licenses contact us.

Installation

pip install azure-ad-verify-token

Usage

First you'll need to get your azure_ad_app_id, azure_ad_issuer and azure_ad_jwks_uri. See below steps to obtain these.

  1. For app id. Login to Azure Portal, navigation to Azure AD B2C, Click on the Applications section and your app id should be listed.

  2. For Issuer and JWKS URI:

Under the "User Flows", note down the name of yours, this will be needed shortly.

https://i.imgur.com/uYmghAZ.png

Next, under Azure AD B2C, within the Applications section.

Click on "Endpoints".

Copy the endpoint with the label "OpenID Connect configuration endpoint (v2)"

It will look something like:

https://exampletenant.b2clogin.com/exampletenant.onmicrosoft.com/<policy-name>/v2.0/.well-known/openid-configuration

https://i.imgur.com/3bQGZBn.png

Now replace <policy-name> with the name of your User Flow from earlier

https://exampletenant.b2clogin.com/exampletenant.onmicrosoft.com/B2C_1_jhh_sign_in/v2.0/.well-known/openid-configuration

Now visit that URL in your web browser.

You should get a JSON response, note down the values for the keys 'issuer' and 'jwks_uri'.

Now you have those values you can proceed to verify a Azure generated JWT Token.

from azure_ad_verify_token import verify_jwt

azure_ad_app_id = 'b74cd13f-8f79-4c98-b748-7789ecb1111d5'
azure_ad_issuer = 'https://exampletenant.b2clogin.com/0867afa-24e7-40e9-9d27-74bb598zzzzc/v2.0/'
azure_ad_jwks_uri = 'https://exampletenant.b2clogin.com/exampletenant.onmicrosoft.com/b2c_1_jhh_sign_in/discovery/v2.0/keys'
payload = verify_jwt(
    token='<AZURE_JWT_TO_VERIFY_HERE>',
    valid_audiences=[azure_ad_app_id],
    issuer=azure_ad_issuer,
    jwks_uri=azure_ad_jwks_uri,
)

print(payload)
{'aud': 'b74cd13f-8f79-4c98-b748-7789ecb1111d5',
 'auth_time': 1591800638,
 'emails': ['bob@example.com'],
 'exp': 1591804238,
 'family_name': 'Exp Admin',
 'given_name': 'Richard',
 'iat': 1591800638,
 'iss': 'https://exampletenant.b2clogin.com/90867afa-24e7-40e9-9d27-74bb598zzzzc/v2.0/',
 'nbf': 1591800638,
 'sub': 'e07bbc53-b812-4572-9edc-4b5d4ac88447',
 'tfp': 'B2C_1_jhh_sign_in',
 'ver': '1.0'}

If something goes wrong, one of the below exceptions will be raised:

# If the token is found to be invalid.
azure_ad_verify_token.InvalidAuthorizationToken

# Base exception, raised if the checks which call the Azure server recieve an unhappy response.
azure_ad_verify_token.AzureVerifyTokenError

Release History

0.1.0 (2020-06-29)

  • Initial release.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for rodwyer from gravatar.com rodwyer

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License
  • Author: O'Dwyer Software
Classifiers

Release history Release notifications | RSS feed

0.4.0

0.3.0

0.2.1

0.2.0

0.1.3

0.1.2

0.1.1

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

azure-ad-verify-token-0.1.0.tar.gz (12.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

azure_ad_verify_token-0.1.0-py2.py3-none-any.whl (10.1 kB view details)

Uploaded Python 2Python 3

File details

Details for the file azure-ad-verify-token-0.1.0.tar.gz.

File metadata

  • Download URL: azure-ad-verify-token-0.1.0.tar.gz
  • Upload date:
  • Size: 12.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/41.2.0 requests-toolbelt/0.9.1 tqdm/4.47.0 CPython/3.8.0

File hashes

Hashes for azure-ad-verify-token-0.1.0.tar.gz
Algorithm Hash digest
SHA256 601b64480680e2045ffb0b83f4afb1e63d7d310ce7969e00b5112531f29de19b
MD5 5381209b1eaf6f6622ad21fc2223c902
BLAKE2b-256 3aa1be56f28b1df56c20b304c265ac35df13049a6863975ee750b3834c960b93

See more details on using hashes here.

File details

Details for the file azure_ad_verify_token-0.1.0-py2.py3-none-any.whl.

File metadata

  • Download URL: azure_ad_verify_token-0.1.0-py2.py3-none-any.whl
  • Upload date:
  • Size: 10.1 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/41.2.0 requests-toolbelt/0.9.1 tqdm/4.47.0 CPython/3.8.0

File hashes

Hashes for azure_ad_verify_token-0.1.0-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 4e7a623952984bdda4dd38ce50483cbfa8b7172ad54a3a96749ed9eda30cbe68
MD5 fe377956cfe6493d507cf9a77d666ad4
BLAKE2b-256 904c46ce0a4b928ff1d64e7bd8443c1598321ab5616f7e2760e15db13657be2a

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page