Skip to main content

Flask JWT consumer with multi public key support

Project description

CircleCI Maintainability

Flask JWT consumer

Flask extension for JWT token validation

Based on pyJWT. Supports multi public key validation in form of simplified authorized_keys format, with only keys, and comments, no options. Good for key rotations or when you need multi issuer support.

Rational

Inspired by Flask JWT Simple, nice package I was enjoying until the need for multi key support. So that's where many backward compatible settings came from.

Configuration

  • JWT_ALGORITHM default RS256, algorithm used to decode JWT. As current iteration only asymmetric algorithms are considered. So anything symmetric will likely fail.
  • JWT_HEADER_NAME default Authorization, header where JWT expected to be.
  • JWT_HEADER_TYPE default Bearer, type of the token, part of the header's value.
  • JWT_IDENTITY optional, if provided JWT will use it.
  • JWT_AUTHORIZED_KEYS new line separated list of OpenSSH formatted keys.
  • VERIFY_AUD disable verification of aud during JWT decoding.

Decorators

@requires_jwt - use on the flask endpoint that is desired to be protected, accepts additional parameter pass_token_payload which will add named parameter token_payload at the very end of the parameters accepted by decorated function.

@requires_jwt
def get(search):
    # ...GET logic with search parameter

@requires_jwt(pass_token_payload=True)
def post(data, token_payload):
    # ...POST logic with data parameter and token payload

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

flask_jwt_consumer-1.1.0.tar.gz (5.2 kB view hashes)

Uploaded Source

Built Distribution

flask_jwt_consumer-1.1.0-py3-none-any.whl (7.7 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page