NATS JWT tokens signed using NKeys for the Python3 ecosystem
Project description
NATS jwt lib for python
Python's library for generating JWT tokens for NATS server.
⚠️ Warning ⚠️
This library is not well-tested and is in the development stage.
The Author(s) is not a developer of the NATS, so may not understand zen of the NATS.
Notes
| Scope | level | description |
|---|---|---|
Code |
ℹ️ | This library was inspired and based on official NATS's go library. |
Code |
ℹ️ | Author tried to save structure of code that GoLang version has, but it is not one-to-one due to languages specs. |
Code |
ℹ️ | In this library there is snippets.py that is targeting to make creation of accounts and users easier. |
Tests |
⚠️ | Tests not covering all code. |
Documentation |
ℹ️ | NATS has powerful documentation for JWT. Recommended for reading. |
Code Example
Code examples are using snippets.py which is not part of the go library.
Create Operator from seed
from nats_jwt.v2.snippets import Operator
from nats_jwt.v2.account_claims import Export
from nats_jwt.nkeys_ext import nkeys2
from nkeys import nkeys
# create raw seed - 32 'random' bytes
raw_seed: bytes = nkeys2.create_seed()
# create a new seed for operator. This seed now would look in base64 like:
# SO...
op_seed: bytes = nkeys2.encode_seed(nkeys.PREFIX_BYTE_OPERATOR, raw_seed)
# Tip: Also operator, account and user seeds can be created via prepared functions
# Note 1: those functions are returning nkeys.KeyPair objects (ed25519 generated keys)
# Note 2: You can extract seed from KeyPair object by calling seed() method
#
# nkeys2.create_operator_pair()
# nkeys2.create_account_pair()
# nkeys2.create_user_pair()
# now we can create an abstraction above this seed for operator operations
op = Operator(seed=op_seed)
# `create_account` will create new seed, KeyPair, AccountClaims with issuer set to operator's public key
# also, `Account` snippet object has signer key pair as object attribute (`_skp`) and when jwt generation
# is done jwt automatically is signed by this key pair (and `iat` is also set to current time).
ac = op.create_account("my_account")
ac.claims.name = "rewrite_name"
ac.claims.nats.exports.append(Export("my_export", "MY.CUSTOM.SUBJECT.>"))
# JWT for any snippet is generated by calling `jwt` property-method
jwt: str = ac.jwt
# now we can verify this jwt by calling `verify` operator method
if op.verify(jwt):
print("account JWT is valid")
else:
# should not happen :D
print("account JWT is invalid")
us = ac.create_user("my_user")
if ac.verify(us.jwt):
print("user JWT is valid")
else:
# should not happen :D
print("user JWT is invalid")
LICENSE
This library is licensed under the same LICENSE as the NATS's go library
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
nats_jwt-0.2.0.tar.gz
(21.3 kB
view hashes)
Built Distribution
nats_jwt-0.2.0-py3-none-any.whl
(31.6 kB
view hashes)
