Kaleidoo middleware package
Project description
kal-middleware
kal-middleware is a Python package designed for FastAPI applications to provide robust JWT and Service-to-Service (STS) authentication using Firebase and Google Identity Platform.
Features
- JWT Authentication: Ensures that the JWTs are valid and checks user roles against provided configurations.
- STS Authentication: Validates tokens for service-to-service communication ensuring that only verified services can communicate.
Installation
Install kal-middleware using pip:
pip install kal_middleware
Usage
JWT Authentication
To add JWT authentication to your FastAPI endpoints, you can use the jwt_authenticated decorator provided by kal-middleware. This decorator checks if the JWT token in the Authorization header is valid and whether the user has the appropriate role based on a configuration map.
Here's an example of how to apply the jwt_authenticated decorator:
from kal_middleware.jwt import jwt_authenticated
# Define a function to retrieve the user's role based on their user ID
def get_user_role_function(user_id: str):
# Implement your logic to retrieve the user's role
# If the user not found, return "".
return "user_role"
# Define a configuration map specifying services, actions, and required permissions
config_map = {
"service": {
"action": {
"permissions": ["user_role", "admin_role"]
}
}
}
# if there is specific variable in the body that needed checks of who access its data only
def check_access(firebase_uid, body):
# check in the db the user and his parameters
# for example if in the db the user with that exactly firebase_uid is:
user = {
"firebase_uid": "12345",
"org_id": "12345"
}
return body["org_id"] == user["org_id"]
@app.get("/your-route")
@jwt_authenticated(get_user_role_function, config_map, check_access)
async def your_route_function():
# Your route logic
return {"message": "This is a protected route"}
STS Authentication
For service-to-service (STS) authentication using Google's Identity Platform, you can use the sts_authenticated decorator. This ensures that the calling service's token is verified to enable secure interactions between services.
Here's how to use the sts_authenticated decorator in your FastAPI app:
- Make sure first you have env variable named
ALLOWED_SERVICE_ACCOUNTSwith the following structure:example1@gserviceaccount.com, example2@gserviceaccount.com
from kal_middleware.sts import sts_authenticated
@app.get("/secure-service")
@sts_authenticated
async def secure_service_function():
# Logic that requires service-to-service authentication
return {"message": "Service-to-service call is authenticated"}
This configuration will parse and verify the Authorization header, ensuring that only requests with a verified bearer token can access the endpoint.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file kal_middleware-0.0.1.tar.gz.
File metadata
- Download URL: kal_middleware-0.0.1.tar.gz
- Upload date:
- Size: 14.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 2c0ab6c514deddef14ca924fbe9342cd230b48ec72d5af158ad97bd6f9e5e893 |
|
| MD5 | 5512d9da500031112773654806d8d3ee |
|
| BLAKE2b-256 | 6adfe49ff71886896c7a822c49362156eb5b75495a3d94ca92d8f34183d4492e |
File details
Details for the file kal_middleware-0.0.1-py2.py3-none-any.whl.
File metadata
- Download URL: kal_middleware-0.0.1-py2.py3-none-any.whl
- Upload date:
- Size: 6.2 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b36e53363c30ad3ed26a0408207937c11bfd7a0388b651700662e73aef982109 |
|
| MD5 | 860a22bb9e85a6b5281a80ee75fce817 |
|
| BLAKE2b-256 | 06eaaf073a7a86741bacc8474a94013610ad73a9edf1303ed1e0721740af1efd |
