Skip to main content

Library of common utils for interacting with Identity-Aware Proxies

Project description

IAP Toolkit

A library of utils to ease programmatic authentication with Google IAP (and ideally other IAPs in future).

PyPi

https://pypi.org/project/iaptoolkit/

Installation

With Poetry:

poetry add iaptoolkit

With pip:

pip install iaptoolkit

Quick Start / Example Usage

import requests

from iaptoolkit import IAPToolkit

iaptk = IAPToolkit(google_iap_audience="EXAMPLE_ID_123456789ABCDEF")
allowed_domains = ["example.com", ]


# Example #1 - Combined Calls
def example1(url: str):
    headers = dict()
    result = iaptk.check_url_and_add_token_header(
        url=url,
        request_headers=headers,
        iap_audience="some_iap_audience_string" # OAuth Client ID for the IAP-protected resource as 'audience'
        valid_domains=allowed_domains
    )
    # result.token_added (bool) indicates if the token was added, depending on whether or not URL was valid
    # headers dict now contains the appropriate Bearer Token header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)


# Example #2 - Separate Calls - Functionally the same as Example 1 but more flexibility in URL validation
def example2(url: str):
    is_url_safe: bool = iaptk.is_url_safe_for_token(url=url, valid_domains=valid_domains)

    if not is_url_safe:
        raise ExampleBadURLException("This URL isn't safe to send token headers to!")

    headers = dict()
    token_is_fresh: bool = iaptk.get_token_and_add_to_headers(
        request_headers=headers,
        iap_audience="some_iap_audience_string" # OAuth Client ID for the IAP-protected resource as 'audience'
    )
    # token_is_fresh indicates if token was newly retrieved (True), or if a cached token was reused (False)
    # headers dict now contains the appropriate Bearer Token header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)

# Example #3 - Service Account JWT (instead of OIDC Token)
def example3(url: str):
    headers = dict()
    result = iaptk.check_url_and_add_jwt_header(
        url=url,
        request_headers=headers,
        service_account_email="service-account@PROJECT_ID.iam.gserviceaccount.com",
        url_audience="https://some-iap-protected.resource/path",
        valid_domains=allowed_domains
    )
    # result.token_added (bool) indicates if the token was added, depending on whether or not URL was valid
    # headers dict now contains the appropriate Bearer JWT header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)

# Example #4 - Separate Calls - Service Account JWT - Functionally the same as Example 3 but more flexibility in URL validation
def example4(url: str):
    is_url_safe: bool = iaptk.is_url_safe_for_token(url=url, valid_domains=valid_domains)

    if not is_url_safe:
        raise ExampleBadURLException("This URL isn't safe to send token headers to!")

    headers = dict()
    token_is_fresh: bool = iaptk.get_jwt_and_add_to_headers(
        request_headers=headers,
        service_account_email="service-account@PROJECT_ID.iam.gserviceaccount.com",
        url_audience="https://some-iap-protected.resource/path"
    )
    # token_is_fresh indicates if token was newly retrieved (True), or if a cached token was reused (False)
    # headers dict now contains the appropriate Bearer Token header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)

Disclaimer

This project is not affiliated with Google. No trademark infringement intended.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

iaptoolkit-0.5.0a4.tar.gz (13.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

iaptoolkit-0.5.0a4-py3-none-any.whl (17.4 kB view details)

Uploaded Python 3

File details

Details for the file iaptoolkit-0.5.0a4.tar.gz.

File metadata

  • Download URL: iaptoolkit-0.5.0a4.tar.gz
  • Upload date:
  • Size: 13.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for iaptoolkit-0.5.0a4.tar.gz
Algorithm Hash digest
SHA256 b2205c4221b85d9d12f80bf74af858fe45ac16b627b8fc43d81322c52ef7d314
MD5 cb78bc03561cf0cde49248ef2dbcdc2c
BLAKE2b-256 16d730a601ec117246df8772fb99280babd9d00ee0533066294b87d7a39b4515

See more details on using hashes here.

Provenance

The following attestation bundles were made for iaptoolkit-0.5.0a4.tar.gz:

Publisher: publish.yml on RAVoigt/iaptoolkit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file iaptoolkit-0.5.0a4-py3-none-any.whl.

File metadata

  • Download URL: iaptoolkit-0.5.0a4-py3-none-any.whl
  • Upload date:
  • Size: 17.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for iaptoolkit-0.5.0a4-py3-none-any.whl
Algorithm Hash digest
SHA256 48084d62d8b7a2d7061c08b8952c8ca171aec6605cd61885913056e316f607e5
MD5 5a8cc57f36e931674b72be074e78f42b
BLAKE2b-256 8ecfafef57b4a0e7e9191e3c62ee5d92d637ac80f371d15bb9a56cdb8d0c1f5a

See more details on using hashes here.

Provenance

The following attestation bundles were made for iaptoolkit-0.5.0a4-py3-none-any.whl:

Publisher: publish.yml on RAVoigt/iaptoolkit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page