Skip to main content

Library of common utils for interacting with Identity-Aware Proxies

Project description

IAP Toolkit

A library of utils to ease programmatic authentication with Google IAP (and ideally other IAPs in future).

PyPi

https://pypi.org/project/iaptoolkit/

Installation

With Poetry:

poetry add iaptoolkit

With pip:

pip install iaptoolkit

Quick Start / Example Usage

import requests

from iaptoolkit import IAPToolkit

iaptk = IAPToolkit(google_iap_audience="EXAMPLE_ID_123456789ABCDEF")
allowed_domains = ["example.com", ]


# Example #1 - Combined Calls
def example1(url: str):
    headers = dict()
    result = iaptk.check_url_and_add_token_header(
        url=url,
        request_headers=headers,
        iap_audience="some_iap_audience_string" # OAuth Client ID for the IAP-protected resource as 'audience'
        valid_domains=allowed_domains
    )
    # result.token_added (bool) indicates if the token was added, depending on whether or not URL was valid
    # headers dict now contains the appropriate Bearer Token header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)


# Example #2 - Separate Calls - Functionally the same as Example 1 but more flexibility in URL validation
def example2(url: str):
    is_url_safe: bool = iaptk.is_url_safe_for_token(url=url, valid_domains=valid_domains)

    if not is_url_safe:
        raise ExampleBadURLException("This URL isn't safe to send token headers to!")

    headers = dict()
    token_is_fresh: bool = iaptk.get_token_and_add_to_headers(
        request_headers=headers,
        iap_audience="some_iap_audience_string" # OAuth Client ID for the IAP-protected resource as 'audience'
    )
    # token_is_fresh indicates if token was newly retrieved (True), or if a cached token was reused (False)
    # headers dict now contains the appropriate Bearer Token header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)

# Example #3 - Service Account JWT (instead of OIDC Token)
def example3(url: str):
    headers = dict()
    result = iaptk.check_url_and_add_jwt_header(
        url=url,
        request_headers=headers,
        service_account_email="service-account@PROJECT_ID.iam.gserviceaccount.com",
        url_audience="https://some-iap-protected.resource/path",
        valid_domains=allowed_domains
    )
    # result.token_added (bool) indicates if the token was added, depending on whether or not URL was valid
    # headers dict now contains the appropriate Bearer JWT header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)

# Example #4 - Separate Calls - Service Account JWT - Functionally the same as Example 3 but more flexibility in URL validation
def example4(url: str):
    is_url_safe: bool = iaptk.is_url_safe_for_token(url=url, valid_domains=valid_domains)

    if not is_url_safe:
        raise ExampleBadURLException("This URL isn't safe to send token headers to!")

    headers = dict()
    token_is_fresh: bool = iaptk.get_jwt_and_add_to_headers(
        request_headers=headers,
        service_account_email="service-account@PROJECT_ID.iam.gserviceaccount.com",
        url_audience="https://some-iap-protected.resource/path"
    )
    # token_is_fresh indicates if token was newly retrieved (True), or if a cached token was reused (False)
    # headers dict now contains the appropriate Bearer Token header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)

Disclaimer

This project is not affiliated with Google. No trademark infringement intended.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

iaptoolkit-0.5.0a8.tar.gz (14.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

iaptoolkit-0.5.0a8-py3-none-any.whl (17.5 kB view details)

Uploaded Python 3

File details

Details for the file iaptoolkit-0.5.0a8.tar.gz.

File metadata

  • Download URL: iaptoolkit-0.5.0a8.tar.gz
  • Upload date:
  • Size: 14.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for iaptoolkit-0.5.0a8.tar.gz
Algorithm Hash digest
SHA256 e44305a257b3e791d1de53b029a0537c59c2fecc8d88a09ecbc2e125ab22cc0b
MD5 de804eb63446531354b126f0f9719156
BLAKE2b-256 92bdd10a19a8aa566fee900b084b2dd48507cfb0109b097b82c3f5dbf049c446

See more details on using hashes here.

Provenance

The following attestation bundles were made for iaptoolkit-0.5.0a8.tar.gz:

Publisher: publish.yml on RAVoigt/iaptoolkit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file iaptoolkit-0.5.0a8-py3-none-any.whl.

File metadata

  • Download URL: iaptoolkit-0.5.0a8-py3-none-any.whl
  • Upload date:
  • Size: 17.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for iaptoolkit-0.5.0a8-py3-none-any.whl
Algorithm Hash digest
SHA256 b99340d648bf63279ac0e90845ff3cb3334a3e67d24596a28ed24d0749b9382b
MD5 d24e3cdd1612e937fd65f6a130ca10b2
BLAKE2b-256 91f11c4f10d7bc7afb93e4d2fedde64b5c9f803e3fed76545ee08b03ea7deff3

See more details on using hashes here.

Provenance

The following attestation bundles were made for iaptoolkit-0.5.0a8-py3-none-any.whl:

Publisher: publish.yml on RAVoigt/iaptoolkit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page