Skip to main content

Library of common utils for interacting with Identity-Aware Proxies

Project description

IAP Toolkit

A library of utils to ease programmatic authentication with Google IAP (and ideally other IAPs in future).

PyPi

https://pypi.org/project/iaptoolkit/

Installation

With Poetry:

poetry add iaptoolkit

With pip:

pip install iaptoolkit

Quick Start / Example Usage

import requests

from iaptoolkit import IAPToolkit

iaptk = IAPToolkit(google_iap_audience="EXAMPLE_ID_123456789ABCDEF")
allowed_domains = ["example.com", ]


# Example #1 - Combined Calls
def example1(url: str):
    headers = dict()
    result = iaptk.check_url_and_add_token_header(
        url=url,
        request_headers=headers,
        iap_audience="some_iap_audience_string" # OAuth Client ID for the IAP-protected resource as 'audience'
        valid_domains=allowed_domains
    )
    # result.token_added (bool) indicates if the token was added, depending on whether or not URL was valid
    # headers dict now contains the appropriate Bearer Token header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)


# Example #2 - Separate Calls - Functionally the same as Example 1 but more flexibility in URL validation
def example2(url: str):
    is_url_safe: bool = iaptk.is_url_safe_for_token(url=url, valid_domains=valid_domains)

    if not is_url_safe:
        raise ExampleBadURLException("This URL isn't safe to send token headers to!")

    headers = dict()
    token_is_fresh: bool = iaptk.get_token_and_add_to_headers(
        request_headers=headers,
        iap_audience="some_iap_audience_string" # OAuth Client ID for the IAP-protected resource as 'audience'
    )
    # token_is_fresh indicates if token was newly retrieved (True), or if a cached token was reused (False)
    # headers dict now contains the appropriate Bearer Token header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)

# Example #3 - Service Account JWT (instead of OIDC Token)
def example3(url: str):
    headers = dict()
    result = iaptk.check_url_and_add_jwt_header(
        url=url,
        request_headers=headers,
        service_account_email="service-account@PROJECT_ID.iam.gserviceaccount.com",
        url_audience="https://some-iap-protected.resource/path",
        valid_domains=allowed_domains
    )
    # result.token_added (bool) indicates if the token was added, depending on whether or not URL was valid
    # headers dict now contains the appropriate Bearer JWT header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)

# Example #4 - Separate Calls - Service Account JWT - Functionally the same as Example 3 but more flexibility in URL validation
def example4(url: str):
    is_url_safe: bool = iaptk.is_url_safe_for_token(url=url, valid_domains=valid_domains)

    if not is_url_safe:
        raise ExampleBadURLException("This URL isn't safe to send token headers to!")

    headers = dict()
    token_is_fresh: bool = iaptk.get_jwt_and_add_to_headers(
        request_headers=headers,
        service_account_email="service-account@PROJECT_ID.iam.gserviceaccount.com",
        url_audience="https://some-iap-protected.resource/path"
    )
    # token_is_fresh indicates if token was newly retrieved (True), or if a cached token was reused (False)
    # headers dict now contains the appropriate Bearer Token header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)

Disclaimer

This project is not affiliated with Google. No trademark infringement intended.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

iaptoolkit-0.5.0a9.tar.gz (13.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

iaptoolkit-0.5.0a9-py3-none-any.whl (16.6 kB view details)

Uploaded Python 3

File details

Details for the file iaptoolkit-0.5.0a9.tar.gz.

File metadata

  • Download URL: iaptoolkit-0.5.0a9.tar.gz
  • Upload date:
  • Size: 13.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for iaptoolkit-0.5.0a9.tar.gz
Algorithm Hash digest
SHA256 a07260953295ad6ee7ba5b338f7708b1338f5812f15da53f28e047a74a096937
MD5 566cf7a6e702b107ad3c026bd0e58f95
BLAKE2b-256 2c49d21f9f15f4c2ce7be1e4ec3347008e4ba016cf24e06c113443cc7bda7b90

See more details on using hashes here.

Provenance

The following attestation bundles were made for iaptoolkit-0.5.0a9.tar.gz:

Publisher: publish.yml on RAVoigt/iaptoolkit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file iaptoolkit-0.5.0a9-py3-none-any.whl.

File metadata

  • Download URL: iaptoolkit-0.5.0a9-py3-none-any.whl
  • Upload date:
  • Size: 16.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for iaptoolkit-0.5.0a9-py3-none-any.whl
Algorithm Hash digest
SHA256 2164c86a4c7e1e3aa0ee7e5fea3433fa189acd255ded1e377968921e8bb292b2
MD5 b6aae7fcdb326161bb0de1e50d2a54b1
BLAKE2b-256 34993aa2c7f7fe2450b592c410720ae3c5bf53545abe2b41c9846627f367fecc

See more details on using hashes here.

Provenance

The following attestation bundles were made for iaptoolkit-0.5.0a9-py3-none-any.whl:

Publisher: publish.yml on RAVoigt/iaptoolkit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page