A simple token-based auth plugin for Sanic
Project description
Gotta get your API protected!
=============================
Token-based authentication is the most common way of protecting your APIs from unwanted folk.
Sometimes you need to do things _fast_ (you know, get it to prod _yesterday_)
and you do not really have time to implement a proper authentication layer.
Okay, are you fine with a temporary solution? There's nothing more permanent than temporary, right.
If you can:
* provide a simple async token verifier (say, checking it in memcached or Redis)
or
* hard-code a token in your app prototype,
and also
* sent the token in a request header
- then we are ready to go.
## Usage example
```python
from sanic import Sanic
from sanic.response import text
from sanic_token_auth import SanicTokenAuth
app = Sanic()
auth = SanicTokenAuth(app, secret_key='utee3Quaaxohh1Oo', header='X-My-App-Auth-Token')
@app.route("/")
async def index(request):
return text("Go to /protected")
@app.route("/protected")
@auth.auth_required
async def protected(request):
return text("Welcome!")
if __name__ == "__main__":
app.run(host="0.0.0.0", port=8000, debug=True)
```
And let's try it:
```bash
$ curl http://localhost:8000/protected -H "X-My-App-Auth-Token: utee3Quaaxohh1Oo"
Welcome!
```
If you omit the `header` argument, you can instead send a token in either
`Authorization: Bearer <yourtoken>` or `Authorization: Token <yourtoken>`
header.
-----
TODO:
[ ] Document `token_verifier` and implement examples of using of
[ ] Implement "protect all" behaviour
=============================
Token-based authentication is the most common way of protecting your APIs from unwanted folk.
Sometimes you need to do things _fast_ (you know, get it to prod _yesterday_)
and you do not really have time to implement a proper authentication layer.
Okay, are you fine with a temporary solution? There's nothing more permanent than temporary, right.
If you can:
* provide a simple async token verifier (say, checking it in memcached or Redis)
or
* hard-code a token in your app prototype,
and also
* sent the token in a request header
- then we are ready to go.
## Usage example
```python
from sanic import Sanic
from sanic.response import text
from sanic_token_auth import SanicTokenAuth
app = Sanic()
auth = SanicTokenAuth(app, secret_key='utee3Quaaxohh1Oo', header='X-My-App-Auth-Token')
@app.route("/")
async def index(request):
return text("Go to /protected")
@app.route("/protected")
@auth.auth_required
async def protected(request):
return text("Welcome!")
if __name__ == "__main__":
app.run(host="0.0.0.0", port=8000, debug=True)
```
And let's try it:
```bash
$ curl http://localhost:8000/protected -H "X-My-App-Auth-Token: utee3Quaaxohh1Oo"
Welcome!
```
If you omit the `header` argument, you can instead send a token in either
`Authorization: Bearer <yourtoken>` or `Authorization: Token <yourtoken>`
header.
-----
TODO:
[ ] Document `token_verifier` and implement examples of using of
[ ] Implement "protect all" behaviour
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file sanic_token_auth-0.1.0.tar.gz.
File metadata
- Download URL: sanic_token_auth-0.1.0.tar.gz
- Upload date:
- Size: 3.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 7dcd5e8eac6f1420a083bd35fc03c3631f68fd2480142b2defb0a4105dde3127 |
|
| MD5 | 3b86adde0c37181da367212f3bea3d42 |
|
| BLAKE2b-256 | 4afcedbac9cbebda379f0ce522933ec22cae2a6e9aa0fd583694cb1cad504287 |
