Simple JWT token flask service security library.

Project description

jwt_authenticator

jwt_authenticator is a simple Python library for adding JWT token authentication/authorization to Flask web sites/services. It controls access either by checking for just a validated token or, optionally, by also checking for a single role claim from the token. Access is controlled by applying a decorator to the endpoint functions.

Installation

Use the package manager pip to install jwt_authenticator.

pip install jwt-authenticator

If using RS256, you must also install cryptography:

pip install cryptography

Usage

In the main application initialization area

from flask import Flask
from jwt_authenticator import AuthenticationHandler

APP = Flask(__name__)
AuthenticationHandler.load_configuration(APP)

In the endpoints

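from flask import Blueprint
from jwt_authenticator import AuthenticationHandler, AuthError

# `api` is assumed here to be a Flask Blueprint registered on APP
api = Blueprint('api', __name__)

# Valid token that also carries the "admin" role
@api.route('/admin/<name>', methods=['GET'])
@AuthenticationHandler.requires_auth("admin")
def get_one_admin(name):
    return f"Hello {name}"

# Valid token only, no role check
@api.route('/<name>', methods=['GET'])
@AuthenticationHandler.requires_auth()
def get_one(name):
    return f"Hello {name}"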

Configuration

jwt_authenticator requires two configuration values to work. These can be specified either in the normal Flask application configuration or as environment variables. Environment variable values override application configuration values when

AuthenticationHandler.load_configuration(app)

is called.

APP.config (i.e. flask application configuration)

  • SECRET - the key used to sign the JWT token. Optional if JWKS_URL is specified.
  • AUDIENCE - the audience claim used in the JWT token
  • JWKS_URL - [OPTIONAL] OIDC key discovery URL
  • GROUPS_CLAIM - [OPTIONAL] which claim has the list of groups. Defaults to "groups"

Environment Variables

  • JWT_SECRET - will override SECRET
  • JWT_AUDIENCE - will override AUDIENCE
  • JWKS_URL - will override JWKS_URL
  • GROUPS_CLAIM - will override GROUPS_CLAIM
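
The checks that SECRET, AUDIENCE and GROUPS_CLAIM feed into, written out as an added standard-library example; this is not jwt_authenticator's own code. The function names are hypothetical, and it assumes HS256 with a shared secret and that every token must carry an exp claim.

```python
import base64, hashlib, hmac, json, time

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(secret, signing_input):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims, secret):
    """Mint a constructed test token (stands in for the token issuer)."""
    head = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64url_encode(_mac(secret, head + '.' + body))}"

def check_token(token, secret, audience, role=None, groups_claim="groups"):
    """Return the claims if every check passes, otherwise raise ValueError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(head_b64))
        claims = json.loads(_b64url_decode(body_b64))
        sig = _b64url_decode(sig_b64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm; never let the token header pick it (rejects "none").
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Constant-time comparison over the exact bytes that were signed.
    if not hmac.compare_digest(sig, _mac(secret, head_b64 + "." + body_b64)):
        raise ValueError("bad signature")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= time.time():
        raise ValueError("expired or missing exp")
    if role is not None:
        groups = claims.get(groups_claim)
        # Require a list: `"admin" in "administrators"` is True for a string.
        if not isinstance(groups, list) or role not in groups:
            raise ValueError("missing role")
    return claims
```

The role check only passes when the groups claim is a JSON list, so a token whose claim is the string "administrators" does not satisfy a required "admin" role.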

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

Building

  • Requires 'make'
make init
make test
make package

License

MIT

Download files

Source Distribution

jwt_authenticator-1.11.4.tar.gz (39.7 kB view details)

Uploaded Source

Built Distribution

jwt_authenticator-1.11.4-py3-none-any.whl (6.0 kB view details)

Uploaded Python 3

File details

Details for the file jwt_authenticator-1.11.4.tar.gz.

File metadata

  • Download URL: jwt_authenticator-1.11.4.tar.gz
  • Upload date:
  • Size: 39.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.0.1 CPython/3.12.8

File hashes

Hashes for jwt_authenticator-1.11.4.tar.gz
Algorithm Hash digest
SHA256 5ee6f744546e28511a1522f0368c9447f96f8d995c1c5600eab89e9a557b9049
MD5 fe1810e3b0b09c6fe8535c93148803ac
BLAKE2b-256 1362fb711fc9f78cc1558f4ddb431ac4098439eabeb0dbb358bd34754b945109

Provenance

The following attestation bundles were made for jwt_authenticator-1.11.4.tar.gz:

Publisher: workflow.yml on TeleTrackingTechnologies/jwt_authenticator

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file jwt_authenticator-1.11.4-py3-none-any.whl.

File hashes

Hashes for jwt_authenticator-1.11.4-py3-none-any.whl
Algorithm Hash digest
SHA256 6c228eff99731ff69722043652203adfe7a06e4dfd77d841d92d59d4a9160c47
MD5 0e4eab7823c8f3b638f75d0e8d6e554c
BLAKE2b-256 6d811c29b909a666a9ed7a50736816e4786808e35e6085009a4f6d4b5284a081

Provenance

The following attestation bundles were made for jwt_authenticator-1.11.4-py3-none-any.whl:

Publisher: workflow.yml on TeleTrackingTechnologies/jwt_authenticator

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
