A JSON Web Token Middleware for Starlette
Project description
starlette-jwt
JWT Middleware for the pythonic Starlette API framework
starlette-jwt
JSON Web Token Middleware for use with Starlette framework.
Installation
$ pip install starlette-jwt
Alternatively, install through pipenv.
$ pipenv install starlette-jwt
Usage
Register the Middleware with your app.
from starlette.applications import Starlette
from starlette_jwt import JWTAuthenticationBackend
from starlette.middleware.authentication import AuthenticationMiddleware
app = Starlette()
app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key='secret', prefix='JWT'))
Access the JWT payload in a request, Enforce handlers to be with authentication.
The @authentication_required
decorator will enforce the user to be logged in for that route. Meanwhile the @anonymous_allowed
will allow anonymous users to hit the route.
The default behavior is @anonymous_allowed
so your code be explicit.
from starlette.authentication import requires
def my_handler(request):
@app.route('/noauth')
@requires('authenticated')
async def homepage(request):
return JSONResponse({'payload': request.session})
Not all handlers must be with authentication
@app.route('/noauth')
async def homepage(request):
return JSONResponse({'payload': None})
Settings
secret_key
Store your secret key in this setting while creating the middleware:
app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key='MY SECRET KEY'))
algorithm
Configures the jwt algorithm to use (defaults to "HS256", "RSA256" available):
public_key = b'-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEAC...'
app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key=public_key, algorithm='RS256'))
NOTE: In order to make starlette-jwt with the RSA256 Algorithm, you must have the package cryptography>=2.7
prefix
Change the Authorization header prefix string (defaults to "JWT"):
# Example: changes the prefix to Bearer
app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key='secret', prefix='Bearer'))
username_field
The user name field in the JWT token payload:
# Example: changes the username field to "user"
app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key='secret', username_field='user'))
audience
The audience field in the JWT token is validated:
# Example: changes the username field to "user"
app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key='secret', username_field='user', audience='test_aud'))
options
The options set to ignore audience verification:
# Example: changes the username field to "user"
app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key='secret', username_field='user', options={"verify_aud": False}))
Todo
- Support JWT token standard payload
Developing
This project uses pipenv
to manage its development environment, and pytest
as its tests runner. To install development dependencies:
pipenv install --dev
To run tests:
pipenv shell
pytest
This project uses Codecov to enforce code coverage on all pull requests. To run tests locally and output a code coverage report, run:
pipenv shell
pytest --cov=starlette_test/
Deploying new version to pypi (Maintainers)
python3.7 setup.py sdist
twine upload --repository-url https://pypi.org/legacy/ dist/*
Thanks
- Starlette project - https://github.com/encode/starlette
- apistar-jwt project - https://github.com/audiolion/apistar-jwt
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file starlette_jwt-0.1.9.tar.gz
.
File metadata
- Download URL: starlette_jwt-0.1.9.tar.gz
- Upload date:
- Size: 4.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.2.0 requests-toolbelt/0.9.1 tqdm/4.47.0 CPython/3.8.3
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | f608b17e596e8a12272027c26f2263ef71adee27f0e54e889f7979989d21b4e0 |
|
MD5 | bcdb4324c11362195189dac81a2678df |
|
BLAKE2b-256 | 77f37811f1373d7d7aaf54f08bd06229ed61aaa802eba58931b6f2e9b4a619b0 |