Skip to main content

Library of common utils for interacting with Identity-Aware Proxies

Reason this release was yanked:

Fatal bug

Project description

IAP Toolkit

A library of utils to ease programmatic authentication with Google IAP (and ideally other IAPs in future).

PyPi

https://pypi.org/project/iaptoolkit/

Installation

With Poetry:

poetry add iaptoolkit

With pip:

pip install iaptoolkit

Quick Start / Example Usage

import requests

from iaptoolkit import IAPToolkit

iaptk = IAPToolkit(google_iap_audience="EXAMPLE_ID_123456789ABCDEF")
allowed_domains = ["example.com", ]


# Example #1 - Combined Calls
def example1(url: str):
    headers = dict()
    result = iaptk.check_url_and_add_token_header(
        url=url,
        request_headers=headers,
        iap_audience="some_iap_audience_string" # OAuth Client ID for the IAP-protected resource as 'audience'
        valid_domains=allowed_domains
    )
    # result.token_added (bool) indicates if the token was added, depending on whether or not URL was valid
    # headers dict now contains the appropriate Bearer Token header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)


# Example #2 - Separate Calls - Functionally the same as Example 1 but more flexibility in URL validation
def example2(url: str):
    is_url_safe: bool = iaptk.is_url_safe_for_token(url=url, valid_domains=valid_domains)

    if not is_url_safe:
        raise ExampleBadURLException("This URL isn't safe to send token headers to!")

    headers = dict()
    token_is_fresh: bool = iaptk.get_token_and_add_to_headers(
        request_headers=headers,
        iap_audience="some_iap_audience_string" # OAuth Client ID for the IAP-protected resource as 'audience'
    )
    # token_is_fresh indicates if token was newly retrieved (True), or if a cached token was reused (False)
    # headers dict now contains the appropriate Bearer Token header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)

# Example #3 - Service Account JWT (instead of OIDC Token)
def example3(url: str):
    headers = dict()
    result = iaptk.check_url_and_add_jwt_header(
        url=url,
        request_headers=headers,
        service_account_email="service-account@PROJECT_ID.iam.gserviceaccount.com",
        url_audience="https://some-iap-protected.resource/path",
        valid_domains=allowed_domains
    )
    # result.token_added (bool) indicates if the token was added, depending on whether or not URL was valid
    # headers dict now contains the appropriate Bearer JWT header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)

# Example #4 - Separate Calls - Service Account JWT - Functionally the same as Example 3 but more flexibility in URL validation
def example4(url: str):
    is_url_safe: bool = iaptk.is_url_safe_for_token(url=url, valid_domains=valid_domains)

    if not is_url_safe:
        raise ExampleBadURLException("This URL isn't safe to send token headers to!")

    headers = dict()
    token_is_fresh: bool = iaptk.get_jwt_and_add_to_headers(
        request_headers=headers,
        service_account_email="service-account@PROJECT_ID.iam.gserviceaccount.com",
        url_audience="https://some-iap-protected.resource/path"
    )
    # token_is_fresh indicates if token was newly retrieved (True), or if a cached token was reused (False)
    # headers dict now contains the appropriate Bearer Token header for Google IAP

    # Make HTTP GET request with requests lib, with our headers containing bearer token to auth with IAP
    response = requests.request("GET", url, headers=headers)

Disclaimer

This project is not affiliated with Google. No trademark infringement intended.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

iaptoolkit-0.5.2.tar.gz (13.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

iaptoolkit-0.5.2-py3-none-any.whl (16.6 kB view details)

Uploaded Python 3

File details

Details for the file iaptoolkit-0.5.2.tar.gz.

File metadata

  • Download URL: iaptoolkit-0.5.2.tar.gz
  • Upload date:
  • Size: 13.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for iaptoolkit-0.5.2.tar.gz
Algorithm Hash digest
SHA256 59b356178c4886643425842e5e50fad25abc326a7925a92b5a735c88f33cb7e6
MD5 faba1acdb5258ec98c07a564cf265a5f
BLAKE2b-256 30975e1ecededdb56b10d0f4038b4e69fcc2e1723b42f74e779610717fa384a2

See more details on using hashes here.

Provenance

The following attestation bundles were made for iaptoolkit-0.5.2.tar.gz:

Publisher: publish.yml on RAVoigt/iaptoolkit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file iaptoolkit-0.5.2-py3-none-any.whl.

File metadata

  • Download URL: iaptoolkit-0.5.2-py3-none-any.whl
  • Upload date:
  • Size: 16.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for iaptoolkit-0.5.2-py3-none-any.whl
Algorithm Hash digest
SHA256 100ab2e36b8ce4ed18464bc98638ccac63c2afa651f9e0e0aeb36b90a68336fd
MD5 aa3456f5f1843430efb11916b941f8f5
BLAKE2b-256 1234351db598ff7ca501aafdf783bc6a9158dea0006e01b6d1ab1dcef11f37fe

See more details on using hashes here.

Provenance

The following attestation bundles were made for iaptoolkit-0.5.2-py3-none-any.whl:

Publisher: publish.yml on RAVoigt/iaptoolkit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page