Project description

requests-jwtauth

Authenticator plugins for Requests that support JWT bearer tokens.

Description

This package contains two classes, HTTPBearerAuth and JWTSecretAuth, that implement the AuthBase interface from the Requests package. The HTTPBearerAuth class takes a single bearer token value at initialization, and adds that to an Authorization: Bearer header. The JWTSecretAuth class takes a shared secret, and uses that to generate and sign short-lived JWT tokens to be added to an Authorization: Bearer request header. By default, these tokens are valid for 1 hour (3600 seconds), and may contain arbitrary JWT claims in their payload.

Dependencies

Python 3.8+
Requests
JWCrypto

Installation

pip install requests-jwtauth

Usage

HTTPBearerAuth

import requests
from requests_jwtauth import HTTPBearerAuth

# send a request with a pre-obtained bearer token
my_token = '...'
r = requests.get('http://example.com', auth=HTTPBearerAuth(my_token))

JWTSecretAuth

import requests
from requests_jwtauth import JWTSecretAuth

# use a shared secret to generate (and automatically regenerate)
# short-lived JWT bearer tokens

secret_auth = JWTSecretAuth(
    # shared secret with the service that requires authentication
    secret='...',
    # JWT claims to place in the token payload
    # this class takes care of providing the 'exp' (expiration time) key
    claims={
        'sub': '...'
    },
    # Time-To-Live, in seconds; default is 3600 (i.e., 1 hour)
    ttl=3600,
    # instead of waiting for it to actually expire,
    # renew the token whenever the remaining time-to-live is
    # less than this number of seconds; default is 60
    expiration_buffer=60,
    # signing algorithm to use; defaults to H256
    signing_algorithm='H256'
)

r = requests.get('http://example.com', auth=secret_auth)

Development Setup

git clone git@github.com:umd-lib/requests-jwtauth.git
cd requests-jwtauth
pyenv install $(cat .python-version) --skip-existing
python -m venv .venv --prompt "requests-jwtauth-py$(cat .python-version)"
source .venv/bin/activate
pip install -e .[test]

Testing

Using pytest:

pytest

With test coverage information:

pytest --cov-report=term-missing --cov src

Project details

These details have not been verified by PyPI

Project links

Repository

Release history Release notifications | RSS feed

This version

1.0.1

Jan 4, 2024

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

requests-jwtauth-1.0.1.tar.gz (8.1 kB view details)

Uploaded Jan 4, 2024 Source

Built Distribution

requests_jwtauth-1.0.1-py3-none-any.whl (7.7 kB view details)

Uploaded Jan 4, 2024 Python 3

File details

Details for the file requests-jwtauth-1.0.1.tar.gz.

File metadata

Download URL: requests-jwtauth-1.0.1.tar.gz
Upload date: Jan 4, 2024
Size: 8.1 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.2 CPython/3.12.0

File hashes

Hashes for requests-jwtauth-1.0.1.tar.gz
Algorithm	Hash digest
SHA256	`4a33957dfb1f2dbe1609932b8bb78324b20a82304fb6229f992de3638b4f01c2`
MD5	`3ee1fac0e55d1550794810bede0d0bcf`
BLAKE2b-256	`b3739d7a1295975765a0890149f7b61e024c764ec7bb1df5c56c18b206532033`

See more details on using hashes here.

File details

Details for the file requests_jwtauth-1.0.1-py3-none-any.whl.

File metadata

Download URL: requests_jwtauth-1.0.1-py3-none-any.whl
Upload date: Jan 4, 2024
Size: 7.7 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.2 CPython/3.12.0

File hashes

Hashes for requests_jwtauth-1.0.1-py3-none-any.whl
Algorithm	Hash digest
SHA256	`2358b346b92f3692d90bec1bfc700df568ef8fbcc7e75ebf1fc772b35bb7ee94`
MD5	`6954085579e784efbefa4af20c729eda`
BLAKE2b-256	`b9a7344c4620cb4f41e555a4d7d2405098a9b5eb7eb277a63e61a97b358772e8`