Skip to main content

pyramid_jwtauth

Project description

NOTE: This is an early version of the code is the library is likely to change.

This is a Pyramid authenitcation plugin for JSON Web Token (JWT) Authentication:

http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html

To access resources using JWT Access Authentication, the client must have obtained a JWT to make signed requests to the server. This library also makes JSON Web Tokens for the client. The Token can be opaque to client although, unless it is encrypted, the client can read the claims made in the token.

When accessing a protected resource, the server will generate a 401 challenge response with the scheme “JWT” as follows:

> GET /protected_resource HTTP/1.1
> Host: example.com

< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: JWT

The client will use their JWT to build a request signature and include it in the Authorization header like so:

> GET /protected_resource HTTP/1.1
> Host: example.com
> Authorization: JWT token=eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt
 cGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

< HTTP/1.1 200 OK
< Content-Type: text/plain
<
< For your eyes only:  secret data!

(NB depending on the number of claims in the JWT the token can get large. For all practical purposes, it should be kept short.)

This plugin uses the PyJWT library for verifying JWTs:

http://github.com/progrium/pyjwt

Also see the library for generating the JWT for the client in the first place although any language can be used to generate it.

Inspiration

This module is heavily based on (and copied from) the Mozilla Services pyramid_macauth package and macauthlib package:

https://github.com/mozilla-services/pyramid_macauth

https://github.com/mozilla-services/macauthlib

Without it, I would not have been able to make the small number of modifications to this package and get it to work with Pyramid.

Licence

This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.

PENDING

  • Initial dev version 0.0.1.dev1.

Forked from https://github.com/mozilla-services/pyramid_macauth version 0.4.0-dev1

0.0.1.dev5

Updated package requires to need PyJWT.

0.0.1.dev4

Updated package so that it can be downloaded for use by Python 3.3/3.4

0.0.1.dev3

Now works properly with RSA keys and fixed issue with not doing a 401 with the appropriate challenge. Dropped support for Python 2.6 and 3.2

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pyramid_jwtauth-0.0.1.dev5.tar.gz (17.3 kB view details)

Uploaded Source

File details

Details for the file pyramid_jwtauth-0.0.1.dev5.tar.gz.

File metadata

File hashes

Hashes for pyramid_jwtauth-0.0.1.dev5.tar.gz
Algorithm Hash digest
SHA256 537699f3d7290210e8d2a31fc7da315f35812c4346659c0f4cec91ed0b62a7ef
MD5 1c7cffdffa0d868aafdc11c697b0ab32
BLAKE2b-256 099f12a025bb2237f9d094ecf87368d73fbc17d3e9ac729fefbe2f51e4b6eb76

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page