byu-jwt-python
A Python JWT validator that handles all the BYU-specific details and also caches the well-known data and certificate fetches.
Installation
pip install byu_jwt
API
Note: It is important to declare the handler at a global level. This allows the well-known data to be cached and lets the cache-control headers on the certificates govern re-fetching, so certificates are fetched again only when cache-control has timed out. Reinitializing the class object negates any benefit of the caching.
Instantiate the class and reuse the object to utilize caching:
    import byu_jwt

    byujwt = byu_jwt.JWT_Handler()
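Why the object has to be reused, shown as an added example that is not byu_jwt's own code: a simplified model of a certificate cache that honours Cache-Control max-age, compared for one shared instance against one instance per request. `CertCache`, `simulate`, the injected clock and the constructed response are assumptions made for illustration.

```python
import re
import time


class CertCache:
    """Simplified model of a cert cache (hypothetical, not byu_jwt internals)."""

    def __init__(self, fetch, clock=time.monotonic):
        self._fetch = fetch          # callable returning (body, headers)
        self._clock = clock          # injectable so expiry can be simulated
        self._body = None
        self._expires_at = 0.0

    @staticmethod
    def max_age(headers):
        """Seconds to cache; 0 when max-age is absent or caching is forbidden."""
        value = next((v for k, v in headers.items() if k.lower() == "cache-control"), "")
        directives = [d.strip() for d in value.lower().split(",")]
        if "no-store" in directives or "no-cache" in directives:
            return 0
        for d in directives:
            m = re.fullmatch(r"max-age=(\d+)", d)
            if m:
                return int(m.group(1))
        return 0

    def get(self):
        now = self._clock()
        if self._body is None or now >= self._expires_at:
            self._body, headers = self._fetch()   # upstream round trip
            self._expires_at = now + self.max_age(headers)
        return self._body


def simulate(request_times, reuse):
    """Count upstream fetches for requests arriving at the given times (seconds)."""
    now, fetches = [0.0], [0]

    def fetch():  # constructed response standing in for the certificate endpoint
        fetches[0] += 1
        return "constructed-cert", {"Cache-Control": "public, max-age=3600"}

    shared = CertCache(fetch, clock=lambda: now[0])
    for t in request_times:
        now[0] = t
        cache = shared if reuse else CertCache(fetch, clock=lambda: now[0])
        cache.get()
    return fetches[0]
```

With five requests over 4000 seconds, the shared instance fetches twice (once initially, once after the 3600-second max-age expires), while a fresh instance per request fetches five times.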
Check only if JWT is valid
assert byujwt.is_valid(jwt_to_validate)
Decode JWT and Check validity
    def greeting(jwt_to_validate):
        try:
            jwt = byujwt.decode(jwt_to_validate)
            return f"Hello, {jwt['preferredFirstName']}"
        except byu_jwt.exceptions.JWTVerifyError as ex_info:
            # The JWT failed verification
            return "Invalid JWT"
        except byu_jwt.exceptions.JWTHandlerError as ex_info:
            # The handler itself could not complete verification
            return "Error attempting to verify the jwt"
JWT Header Names
BYU's API Manager creates an HTTP header that contains a signed JWT. The names of the designated BYU signed headers can be referenced here for lookup convenience.
BYU_JWT_HEADER_CURRENT
The property containing the name of the HTTP header that contains the BYU signed JWT sent directly from BYU's API Manager.
Value is X-JWT-Assertion.
Example
current_jwt_header = byu_jwt.JWT_HEADER
BYU_JWT_HEADER_ORIGINAL
The property containing the name of the HTTP header that contains the BYU signed JWT forwarded on from a service that received the BYU signed JWT sent directly from BYU's API Manager.
Value is X-JWT-Assertion-Original.
Example
original_jwt_header = byu_jwt.JWT_HEADER_ORIGINAL
Example Python Lambda function that makes use of caching
    import byu_jwt

    # Module-level handler: reused across invocations so caching applies
    byujwt = byu_jwt.JWT_Handler()

    def handler(event, context):
        jwt_to_decode = event['headers'][byu_jwt.JWT_HEADER]
        try:
            jwt = byujwt.decode(jwt_to_decode)
            return {'statusCode': 200, 'body': f'Hello, {jwt["preferredFirstName"]}'}
        except byu_jwt.exceptions.JWTVerifyError as ex_info:
            return {'statusCode': 403, 'body': "Invalid JWT"}
        except byu_jwt.exceptions.JWTHandlerError as ex_info:
            return {'statusCode': 500, 'body': "Error attempting to verify the jwt"}
Example Decoded JWT Structure
    {
      "iss": "https://api.byu.edu",
      "exp": 1545425710,
      "byu": {
        "client": {
          "byuId": "",
          "claimSource": "",
          "netId": "",
          "personId": "",
          "preferredFirstName": "",
          "prefix": "",
          "restOfName": "",
          "sortName": "",
          "subscriberNetId": "",
          "suffix": "",
          "surname": "",
          "surnamePosition": ""
        },
        "resourceOwner": {
          "byuId": "",
          "netId": "",
          "personId": "",
          "preferredFirstName": "",
          "prefix": "",
          "restOfName": "",
          "sortName": "",
          "suffix": "",
          "surname": "",
          "surnamePosition": ""
        }
      },
      "wso2": {
        "apiContext": "",
        "application": {
          "id": "",
          "name": "",
          "tier": ""
        },
        "clientId": "",
        "endUser": "",
        "endUserTenantId": "",
        "keyType": "",
        "subscriber": "",
        "tier": "",
        "userType": "",
        "version": ""
      }
    }