Skip to main content

JWKS-based JWT verification middleware for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_middleware_jwksverifier Discord

Swarmauri Middleware JWKS Verifier

A middleware component providing JWT verification using a cached JWKS with TTL and LRU eviction.

Features

  • Parses RSA, EC, Ed25519, and HMAC keys from JWKS documents (RFC 7517).
  • Thread-safe cache with configurable TTL refresh and LRU eviction limits.
  • Optional constructor guards for allowed algorithms and issuer values.
  • Manual cache controls for forced refreshes, invalidation, and overrides.

Installation

Install the package with your preferred Python packaging tool:

pip install swarmauri_middleware_jwksverifier
poetry add swarmauri_middleware_jwksverifier
uv pip install swarmauri_middleware_jwksverifier

Quickstart

CachedJWKSVerifier expects a callable that returns a JWKS document. The fetch callback is invoked whenever the cache expires (default ttl_s=300 seconds) or when a forced refresh is requested.

The verifier exposes a verify helper that performs signature validation and standard PyJWT checks. Pass the algorithms you are willing to accept by supplying the algorithms_whitelist parameter on every verification call. If you do not provide an explicit issuer, the first value from allowed_issuers (if configured during construction) is used.

import base64

import jwt

from swarmauri_middleware_jwksverifier import CachedJWKSVerifier

SECRET = b"super-secret-signing-key"


def fetch_jwks() -> dict[str, object]:
    return {
        "keys": [
            {
                "kty": "oct",
                "kid": "demo",
                "k": base64.urlsafe_b64encode(SECRET).rstrip(b"=").decode("ascii"),
                "alg": "HS256",
            }
        ]
    }


verifier = CachedJWKSVerifier(fetch=fetch_jwks, ttl_s=60)

token = jwt.encode(
    {"sub": "user-123", "aud": "example-service"},
    SECRET,
    algorithm="HS256",
    headers={"kid": "demo"},
)

claims = verifier.verify(
    token,
    algorithms_whitelist=["HS256"],
    audience="example-service",
)

print(claims["sub"])

Cache management helpers

  • refresh(force: bool = False) ? trigger a JWKS refresh immediately when force is true or the cache has expired.
  • invalidate(kid: Optional[str] = None) ? drop either a specific key or the entire cache, including overrides.
  • inject_override_key(kid, key_obj) / inject_override_jwk(kid, jwk) ? add temporary key material that bypasses JWKS fetching when resolving by kid.
  • key_resolver() ? obtain a callable suitable for advanced PyJWT usage when integrating with other verification flows.

Entry Point

The middleware registers under the swarmauri.middlewares entry point as CachedJWKSVerifier.

Want to help?

If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file swarmauri_middleware_jwksverifier-0.11.0.dev1.tar.gz.

File metadata

  • Download URL: swarmauri_middleware_jwksverifier-0.11.0.dev1.tar.gz
  • Upload date:
  • Size: 9.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_middleware_jwksverifier-0.11.0.dev1.tar.gz
Algorithm Hash digest
SHA256 5bbb1bf01b67bbf3ad2a5ac62c54a8f1fe7b5c7800fa5594d4911bd1e661b754
MD5 df726995dca852ecffdfe71b33d2769a
BLAKE2b-256 ce9d3ee6c8abf7552d803fc0736ac12f7dd46a447182405fcfe7588ba7f98de7

See more details on using hashes here.

File details

Details for the file swarmauri_middleware_jwksverifier-0.11.0.dev1-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_middleware_jwksverifier-0.11.0.dev1-py3-none-any.whl
  • Upload date:
  • Size: 10.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_middleware_jwksverifier-0.11.0.dev1-py3-none-any.whl
Algorithm Hash digest
SHA256 5b1ab35b984ed76154c7b0e504d8878c6adf0855fa34c204aeb973db9f3e8cd2
MD5 6aa32d4b1c39fcc9de8f6003f315f0f5
BLAKE2b-256 f53eebe714043ad1217468733cee2538a456c000d6238f27dd67b88b754ab239

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page