No project description provided
Project description
A new signed-cookie implementation for Beaker Sessions
Features
- so much safer than default Pickle serialization
- serialize with BSON and compress, so more datatypes supported than JSON (optional)
- multiple keys, so you can rotate them
- stronger hash algorithm (SHA256)
- backwards compatible reads/writes with original pickle-based beaker session cookies
- JWT for signing (although not much else of JWT is implemented)
Install
pip install 'beaker-session-jwt'
Usage
See beaker docs for general implementation. Specify using this class:
from beaker_session_jwt import JWTCookieSession
app = SessionMiddleware(app, config, session_class=JWTCookieSession)
Additional config options
See Beaker docs for main config options, many of which apply to this class too.
jwt_secret_keysrequired. One or more comma-separated keys- generate a key with
python -c 'import secrets; print(secrets.token_hex());' - multiple signing keys are supported, so you can rotate them. The first one in the list will be used for writing, the rest will be permitted for verifying.
- generate a key with
bson_compress_jwt_payloaddefault True- serializing with BSON and compressing with zlib, to allow for types like datetime, bytes, etc to be stored which JSON cannot store. This is stored all in a single JWT field, so JWT is hardly being used, just for signatures really
read_original_formatdefault False- set to true to read original beaker signed cookies. Allows for backward compatibility and transition periods
- after a transition period, make sure to set this back to False
original_format_validate_keyrequired ifread_original_formatoriginal_format_data_serializeroriginal_format_remove_keysoptional comma-separated list- if your old sessions have values that pickle supported, but don't work any more, list the session keys here. They will be removed but the rest of the session will be preserved.
write_original_formatdefault False- set to true if you have many servers/processes and need to roll this out gradually. Then later set to False when all processes are ready.
Non-Features
- no encrypted cookies (could be possible with JWT though)
- JWT payload/claim fields (
iss,sub,exp, etc) are not used or verified. Instead, this uses the fields that a beaker CookieSession has, for maximum backwards compatibility and simplicity. - pymongo/bson is always required even with
bson_compress_jwt_payload=False
License
Apache License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file beaker-session-jwt-1.0.0.tar.gz.
File metadata
- Download URL: beaker-session-jwt-1.0.0.tar.gz
- Upload date:
- Size: 4.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | dd166fb479eb3db29efc665e4e2914dd66725a5577f9cab1225c3b0bd9094d0c |
|
| MD5 | 654f71e3f3112a30f0b42ee820d3d076 |
|
| BLAKE2b-256 | 2ddbbb6aba020d1a52862c0ea99a8c7e19de52e414e73e0b03fcd24fb8fdece1 |
File details
Details for the file beaker_session_jwt-1.0.0-py3-none-any.whl.
File metadata
- Download URL: beaker_session_jwt-1.0.0-py3-none-any.whl
- Upload date:
- Size: 5.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 22243a27a89e1e32b2217fe89e97d072de9a61d2f7a4d911b185b7c1460b6193 |
|
| MD5 | 014450d6c18892348b1723e8df6ea405 |
|
| BLAKE2b-256 | f665a3f3714278579cce12e9e212c62d73d749cced7369696a6336df5c33829d |
