Simple, extensible Asynchronous Authnz library

Project description

paella

Simple Asynchronous Auth library

*WARNING*

THIS REPOSITORY CONTAINS SECRETS FOR USE IN TESTING

DO NOT REUSE THESE SECRETS FOR PRODUCTION

requirements

  • python >= 3.11 (uses modern union typehints)

dependencies

  • pyjwt[crypto] >= 2.8.0

testing

I deliberately included a test keypair; please see the warning above.

test data

In ./tests/db/test_users.db there is minimal prepopulated data:

sqlite> .schema Users
CREATE TABLE Users (id int primary key not null, email char(128) not null, password char(128) not null);
sqlite> select * from Users;
1|testuser@test.com|a_very_basic_password
2|testuser2@test.com|65332c4349d159ab3d41b8e1a01db7d77928f1b8215fd345e19e5cfe016f468a

The password stored for testuser2@test.com is the SHA-256 hash of the following string: salt+basic_password

Usage

Creating auth object

By default, Paella uses RSA public/private keys. PyJWT does not have a concept of unencrypted JWTs. This project is designed specifically to rely on asymmetric RSA keypairs, which means that you do not have to use it for authentication, but can use it for authorization alone, so long as the public key and the authorization function are properly configured.

Initially you can create an empty auth object (if you so desire) that doesn't really do anything:

from paella import Paella

auth: Paella = Paella()

Authentication (authn) Function

The authentication function takes in an id and a secret and returns a boolean or a dict. If a dict is returned, it is used to populate the JWT with custom claims or to override the defaults; if True is returned, the defaults are used.

The authentication function itself must have a function signature that matches the below:

async def authn(connection: Any, id: str, secret: str) -> dict | bool:

Authorization (authz) Function

The authorization function takes in a dict and returns a boolean.

The authorization function itself must have a function signature that matches the below:

async def authz(connection: Any, *args, **kwargs) -> bool:

Caveats

Paella uses a passed function to evaluate authentication and authorization; this function can be asynchronous (and probably should be).

This assumes two things: first, that you are setting up a connection object of some sort (if necessary), and second, that your authentication and authorization functions accurately perform their duties.

For example: it is 100% acceptable to have an authentication function that looks like this:

from typing import Any

async def authenticate(cxobj: Any, id: str, secret: str) -> bool:
    return True  # accepts every id/secret pair

or

async def authenticate(cxobj: Any, id: str, secret: str) -> bool:
    return False  # rejects every id/secret pair

The first will always pass and the second will always fail, because their return values are True and False respectively.


Download files

Source Distribution

paella_auth-0.5.0.tar.gz (10.9 kB)

Uploaded Source

Built Distribution

paella_auth-0.5.0-py3-none-any.whl (5.1 kB)

Uploaded Python 3

File details

Details for the file paella_auth-0.5.0.tar.gz.

File metadata

  • Download URL: paella_auth-0.5.0.tar.gz
  • Upload date:
  • Size: 10.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.6

File hashes

Hashes for paella_auth-0.5.0.tar.gz
Algorithm Hash digest
SHA256 b169c081e222559ede82636efae32578fbb5194214541447e0921cae0063b771
MD5 338f38deceea036a2516e7f9c5655f61
BLAKE2b-256 ee5033ea1f99cef20599ccf7d9e35af6ce164c33c999887e2c7e5bceb1eb17fe

File details

Details for the file paella_auth-0.5.0-py3-none-any.whl.

File metadata

  • Download URL: paella_auth-0.5.0-py3-none-any.whl
  • Upload date:
  • Size: 5.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.6

File hashes

Hashes for paella_auth-0.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 b1b82e09df3985d591ef3f523194a87ddb71874ee9ad6f6f45643608394f1294
MD5 72992d243d7159e1061631c504d47d44
BLAKE2b-256 0c3a0a79e09b1294022147f3dab03d638707d94895158395f3140fa693340d05
