Minimal, secure JWT/JWE + RBAC for FastAPI. Provides decorators and utilities for secure, role-based access control in modern Python web APIs.
python-json-rbac
Overview
python-json-rbac provides decorators and utilities for secure, role-based access control (RBAC) in modern Python web APIs. It supports JWT and JWE tokens, integrates with FastAPI, and is designed for modular, scalable, and secure backend architectures.
Features
- JWT and optional JWE (encrypted JWT) support
- Role-based access control (RBAC) decorators
- FastAPI dependency integration
- Modular, service-oriented design
- Secure defaults and environment-based configuration
- Support for multiple user roles
- Extensible for custom permission logic
Installation
```bash
pip install python-json-rbac
```
Configuration
Set the following environment variables:
- JWT_SECRET: Secret key for signing JWTs (required)
- JWT_ALGORITHM: Algorithm for JWT signing (HS256 or RS256, default: HS256)
- JWT_PRIVATE_KEY_PATH: Path to private key for RS256 (optional)
- JWT_PUBLIC_KEY_PATH: Path to public key for RS256 (optional)
- JWT_ENABLE_JWE: Enable JWE encryption (true/false, default: false)
- JWT_EXPIRE_MINUTES: Access token expiration in minutes (default: 30)
Usage Example
```python
from fastapi import FastAPI, Depends

from python_json_rbac.auth import create_access_token, verify_token
from python_json_rbac.core import RBAC
from python_json_rbac.decorators import rbac_protect

# Define roles and permissions
rules = {
    "admin": {"permissions": ["user:create", "user:read", "user:update", "user:delete"]},
    "editor": {"permissions": ["user:read", "user:update"]},
    "viewer": {"permissions": ["user:read"]},
}
rbac = RBAC(rules)

# Create a token carrying the subject and its roles
user_id = "user123"
roles = ["admin"]
token_data = {"sub": user_id, "role": roles}
access_token = create_access_token(data=token_data)

# Protect FastAPI endpoints
app = FastAPI()

# get_current_user is used here as in the original example, which does not
# show where it is imported from; supply it before running this snippet.
@app.get("/admin")
@rbac_protect(role="admin")
def admin_dashboard(user=Depends(get_current_user)):
    return {"message": f"Welcome, {user['sub']}!"}
```
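The following is an added example, not python-json-rbac's own code. It uses only the standard library to show the two checks a JWT-based RBAC layer depends on: verifying an HS256 token with the algorithm pinned by the server, then resolving the role claim against the rules dict with deny-by-default. The names sign_hs256, verify_hs256 and is_allowed and the secret are hypothetical and constructed for this demo.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values; RULES mirrors the rules dict in the Usage Example.
SECRET = b"constructed-demo-secret-0123456789abcdef"
RULES = {
    "admin": {"permissions": ["user:create", "user:read", "user:update", "user:delete"]},
    "editor": {"permissions": ["user:read", "user:update"]},
    "viewer": {"permissions": ["user:read"]},
}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, secret: bytes, header=None) -> str:
    """Build a compact JWT with an HMAC-SHA256 signature (hypothetical helper)."""
    header = header or {"alg": "HS256", "typ": "JWT"}
    signing_input = _b64(json.dumps(header).encode()) + "." + _b64(json.dumps(claims).encode())
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)

def verify_hs256(token: str, secret: bytes, now=None) -> dict:
    """Return the claims or raise ValueError; the verifier, not the token, picks the algorithm."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, claims = json.loads(_unb64(head_b64)), json.loads(_unb64(body_b64))
        sig = _unb64(sig_b64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":  # rejects "none" and any other header value
        raise ValueError("unexpected algorithm")
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired or missing exp")
    return claims

def is_allowed(claims: dict, permission: str, rules=RULES) -> bool:
    """Deny by default: a missing claim or an unknown role grants nothing."""
    roles = claims.get("role", [])
    roles = roles if isinstance(roles, list) else [roles]
    return any(isinstance(r, str) and permission in rules.get(r, {}).get("permissions", [])
               for r in roles)
```

A token without an exp claim is rejected here, so a caller cannot obtain a non-expiring token by omitting it.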
Testing
To run tests:
```bash
pip install pytest
pytest
```
Contributing
Contributions are welcome! Please open issues or submit pull requests on GitHub.
License
LGPL-2.1-only. See LICENSE for details.
File details
Details for the file python_json_rbac-0.2.0.tar.gz.
File metadata
- Download URL: python_json_rbac-0.2.0.tar.gz
- Upload date:
- Size: 16.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | a33fd861b2ca30a11ae361f7ce3f3965ed95f89c7462866d592100d0263425e8 |
| MD5 | 7f9848d855593eb4f522064513096f3b |
| BLAKE2b-256 | e12149787693abc4b8c26e28ced1af4c923c7300a76793989b4506b4d1f9b7a1 |
File details
Details for the file python_json_rbac-0.2.0-py3-none-any.whl.
File metadata
- Download URL: python_json_rbac-0.2.0-py3-none-any.whl
- Upload date:
- Size: 17.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | f2309dad8ca8a09ccf1bfc1c66dd3a06aa88698328a8cd913489e37912fd7cbc |
| MD5 | 56131415bbdcab69a1bddc4758d4f61e |
| BLAKE2b-256 | aace62b0579a9527c482c5e95d99dac8eb808dfd54354feed577626da959667c |