Skip to main content

A JSON Web Token Middleware for Starlette

Project description

starlette-jwt

JWT Middleware for the pythonic Starlette API framework

starlette-jwt

pypi travis codecov

JSON Web Token Middleware for use with Starlette framework.

Installation

$ pip install starlette-jwt

Alternatively, install through pipenv.

$ pipenv install starlette-jwt

Usage

Register the Middleware with your app.

from starlette.applications import Starlette
from starlette_jwt import JWTAuthenticationBackend
from starlette.middleware.authentication import AuthenticationMiddleware

app = Starlette()
app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key='secret', prefix='JWT'))

Access the JWT payload in a request, Enforce handlers to be with authentication.

The @authentication_required decorator will enforce the user to be logged in for that route. Meanwhile the @anonymous_allowed will allow anonymous users to hit the route.

The default behavior is @anonymous_allowed so your code be explicit.

from starlette.authentication import requires

def my_handler(request):
@app.route('/noauth')
@requires('authenticated')
async def homepage(request):
    return JSONResponse({'payload': request.session})

Not all handlers must be with authentication

@app.route('/noauth')
async def homepage(request):
    return JSONResponse({'payload': None})

Settings

secret_key

Store your secret key in this setting while creating the middleware:

app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key='MY SECRET KEY'))

algorithm

Configures the jwt algorithm to use (defaults to "HS256", "RSA256" available):

public_key = b'-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEAC...'
app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key=public_key, algorithm='RS256'))

NOTE: In order to make starlette-jwt with the RSA256 Algorithm, you must have the package cryptography>=2.7

prefix

Change the Authorization header prefix string (defaults to "JWT"):

# Example: changes the prefix to Bearer
app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key='secret', prefix='Bearer'))

username_field

The user name field in the JWT token payload:

# Example: changes the username field to "user"
app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key='secret', username_field='user'))

audience

The audience field in the JWT token is validated:

# Example: changes the username field to "user"
app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key='secret', username_field='user', audience='test_aud'))

options

The options set to ignore audience verification:

# Example: changes the username field to "user"
app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key='secret', username_field='user', options={"verify_aud": False}))

Todo

  • Support JWT token standard payload

Developing

This project uses pipenv to manage its development environment, and pytest as its tests runner. To install development dependencies:

pipenv install --dev

To run tests:

pipenv shell
pytest

This project uses Codecov to enforce code coverage on all pull requests. To run tests locally and output a code coverage report, run:

pipenv shell
pytest --cov=starlette_test/

Deploying new version to pypi (Maintainers)

python3.7 setup.py sdist
twine upload --repository-url https://pypi.org/legacy/ dist/*

Thanks

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

starlette_jwt-0.1.9.tar.gz (4.3 kB view details)

Uploaded Source

File details

Details for the file starlette_jwt-0.1.9.tar.gz.

File metadata

  • Download URL: starlette_jwt-0.1.9.tar.gz
  • Upload date:
  • Size: 4.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.2.0 requests-toolbelt/0.9.1 tqdm/4.47.0 CPython/3.8.3

File hashes

Hashes for starlette_jwt-0.1.9.tar.gz
Algorithm Hash digest
SHA256 f608b17e596e8a12272027c26f2263ef71adee27f0e54e889f7979989d21b4e0
MD5 bcdb4324c11362195189dac81a2678df
BLAKE2b-256 77f37811f1373d7d7aaf54f08bd06229ed61aaa802eba58931b6f2e9b4a619b0

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page