This is a pre-production deployment of Warehouse, however changes made here WILL affect the production instance of PyPI.
Latest Version Dependencies status unknown Test status unknown Test coverage unknown
Project Description

This library helps you using JWT tokens with the Zope Component Architecture (ZCA).

This package is compatible with Python version 2.7, 3.3, 3.4 and 3.5.

Copyright (c) 2015 gocept gmbh & co kg

All Rights Reserved.

This software is subject to the provisions of the Zope Public License, Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution. THIS SOFTWARE IS PROVIDED “AS IS” AND ANY AND ALL EXPRESS OR IMPLIED WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE.

Usage

The CryptographicKey utility

gocept.webtoken uses a global utility of the class gocept.webtoken.CryptographicKeys, which provides cryptographic keys for different purposes. It loads a set of public and private keys from disk. It takes the filesystem path to your key files and a list of key names:

>>> import gocept.webtoken
>>> import pkg_resources
>>> path_to_keys = pkg_resources.resource_filename(
...     'gocept.webtoken', 'testing/keys')
>>> keys = gocept.webtoken.CryptographicKeys(
...     path_to_keys, ['key1'])

For each of the names, a private key file of the same name and a public key file (with a .pub suffix) must reside inside the keys_dir.

The utility needs to be registered at the ZCA, either via a zcml file or via:

>>> import zope.component
>>> zope.component.provideUtility(keys)

Creating a token

Create a signed web token with the function create_web_token. You will need the private key name, which was registered at the CryptographycKey utility. It is referenced by its name and the suffix -private:

>>> expires_in = 300  # The token is valid for 300 seconds
>>> payload = {'your': 'data'}
>>> result = gocept.webtoken.create_web_token(
...     'key1-private', 'issuer', 'subject', expires_in, payload)
>>> sorted(result.keys())
['data', 'token']

The token is available under the key token, while the data encoded in the token is placed under the key data.

Creating a Bearer Authorization header

You can create an Bearer Authorization header either from a token_dict as returned by create_web_token or from a token directly:

>>> gocept.webtoken.create_authorization_header(b'<TOKEN>')
('Authorization', 'Bearer <TOKEN>')

Extracting a token from a Bearer Authorization header

Extract the token from a dict containing the headers of you request or from the value of the HTTP Authorization header itself:

>>> request_headers = dict(Authorization='Bearer <TOKEN>')
>>> b'<TOKEN>' == gocept.webtoken.extract_token(request_headers)
True

Decoding a token

Decode a signed web token with the function decode_web_token. You will need the public key name, which was registered at the CryptographycKey utility. It is referenced by its name and the suffix -public:

>>> result = gocept.webtoken.decode_web_token(
...     result['token'], 'key1-public', 'subject')

Note that the subject must match the subject given when the token was created.

The result contains all data encoded in the token. You can find the payload under the key data:

>>> {'your': 'data'} == result['data']
True

gocept.webtoken

1.2.1 (2015-10-08)

  • Fix \(extract_token\) to accept any collections.Mapping derived object.

1.2 (2015-10-08)

  • Added helper functions to create a Bearer Authorization header and extract a token from it.
  • Officially support Python 3.5.

1.1 (2015-10-01)

  • Shortened imports for \(CryptographicKeys\), \(create_web_token\) and \(decode_web_token\), which are now importable directly from \(gocept.webtoken\).
  • Added documentation.

1.0 (2015-10-01)

  • Add support for Python 3.3 and 3.4.
  • Initial release, extracted from internally used package.
Release History

Release History

1.2.1

This version

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

1.2

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

1.1

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

1.0

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

Download Files

Download Files

TODO: Brief introduction on what you do with files - including link to relevant help section.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
gocept.webtoken-1.2.1.tar.gz (17.2 kB) Copy SHA256 Checksum SHA256 Source Oct 8, 2015

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting