Skip to main content

Library of common utils for interacting with Identity-Aware Proxies

Project description

IAP Toolkit

A library of utils to ease programmatic authentication with Google IAP (and ideally other IAPs in future).

PyPi

https://pypi.org/project/iaptoolkit/

Installation

With Poetry:

poetry add iaptoolkit

With pip:

pip install iaptoolkit

Quick Start / Example Usage

import requests

from iaptoolkit import IAPToolkit

iaptk = IAPToolkit(google_iap_audience="EXAMPLE_ID_123456789ABCDEF")
allowed_domains = ["example.com", ]


# Example #1 - Combined Calls
def example1(url: str):
    headers = dict()
    result = iaptk.check_url_and_add_token_header(
        url=url,
        request_headers=headers,
        iap_audience="some_iap_audience_string" # OAuth Client ID for the IAP-protected resource as 'audience'
        valid_domains=allowed_domains
    )
    # result.token_added (bool) indicates if the token was added, depending on whether or not URL was valid
    # headers dict now contains the appropriate Bearer Token header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)


# Example #2 - Separate Calls - Functionally the same as Example 1 but more flexibility in URL validation
def example2(url: str):
    is_url_safe: bool = iaptk.is_url_safe_for_token(url=url, valid_domains=valid_domains)

    if not is_url_safe:
        raise ExampleBadURLException("This URL isn't safe to send token headers to!")

    headers = dict()
    token_is_fresh: bool = iaptk.get_token_and_add_to_headers(
        request_headers=headers,
        iap_audience="some_iap_audience_string" # OAuth Client ID for the IAP-protected resource as 'audience'
    )
    # token_is_fresh indicates if token was newly retrieved (True), or if a cached token was reused (False)
    # headers dict now contains the appropriate Bearer Token header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)

# Example #3 - Service Account JWT (instead of OIDC Token)
def example3(url: str):
    headers = dict()
    result = iaptk.check_url_and_add_jwt_header(
        url=url,
        request_headers=headers,
        service_account_email="service-account@PROJECT_ID.iam.gserviceaccount.com",
        url_audience="https://some-iap-protected.resource/path",
        valid_domains=allowed_domains
    )
    # result.token_added (bool) indicates if the token was added, depending on whether or not URL was valid
    # headers dict now contains the appropriate Bearer JWT header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)

# Example #4 - Separate Calls - Service Account JWT - Functionally the same as Example 3 but more flexibility in URL validation
def example4(url: str):
    is_url_safe: bool = iaptk.is_url_safe_for_token(url=url, valid_domains=valid_domains)

    if not is_url_safe:
        raise ExampleBadURLException("This URL isn't safe to send token headers to!")

    headers = dict()
    token_is_fresh: bool = iaptk.get_jwt_and_add_to_headers(
        request_headers=headers,
        service_account_email="service-account@PROJECT_ID.iam.gserviceaccount.com",
        url_audience="https://some-iap-protected.resource/path"
    )
    # token_is_fresh indicates if token was newly retrieved (True), or if a cached token was reused (False)
    # headers dict now contains the appropriate Bearer Token header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)

Disclaimer

This project is not affiliated with Google. No trademark infringement intended.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

iaptoolkit-0.5.0a3.tar.gz (13.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

iaptoolkit-0.5.0a3-py3-none-any.whl (17.2 kB view details)

Uploaded Python 3

File details

Details for the file iaptoolkit-0.5.0a3.tar.gz.

File metadata

  • Download URL: iaptoolkit-0.5.0a3.tar.gz
  • Upload date:
  • Size: 13.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for iaptoolkit-0.5.0a3.tar.gz
Algorithm Hash digest
SHA256 053a6819ee3c43573a47e61953bc05b0f77b1f2aa8410668edfb12cd0757dff8
MD5 08278b2e2ab95ea7ebf1332639f10a57
BLAKE2b-256 8bcf575567dbbfe36abfd26230c13fbf11a30778aa5c1fdd6167e4d355a94537

See more details on using hashes here.

Provenance

The following attestation bundles were made for iaptoolkit-0.5.0a3.tar.gz:

Publisher: publish.yml on RAVoigt/iaptoolkit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file iaptoolkit-0.5.0a3-py3-none-any.whl.

File metadata

  • Download URL: iaptoolkit-0.5.0a3-py3-none-any.whl
  • Upload date:
  • Size: 17.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for iaptoolkit-0.5.0a3-py3-none-any.whl
Algorithm Hash digest
SHA256 626c086b7756ae142497eeaf7b35213145027c43f571b0c5202fa577f251ef27
MD5 cdb5f7b58b27320b3a82cf1727c69dcf
BLAKE2b-256 950d56cd65e3eecbc2e311d927082beb703e961dd44e19792d5e496c90d85ca9

See more details on using hashes here.

Provenance

The following attestation bundles were made for iaptoolkit-0.5.0a3-py3-none-any.whl:

Publisher: publish.yml on RAVoigt/iaptoolkit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page