clear-skies 1.19.20__py3-none-any.whl → 1.19.21__py3-none-any.whl

{clear_skies-1.19.20.dist-info → clear_skies-1.19.21.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: clear-skies
-Version: 1.19.20
+Version: 1.19.21
 Summary: A framework for building backends in the cloud
 Home-page: https://github.com/cmancone/clearskies
 License: MIT
@@ -15,12 +15,14 @@ Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Topic :: Software Development :: Libraries :: Application Frameworks
 Provides-Extra: jose
+Provides-Extra: jwcrypto
 Provides-Extra: mysql
 Provides-Extra: secrets
 Requires-Dist: akeyless (>=3.6.2,<4.0.0) ; extra == "secrets"
 Requires-Dist: akeyless-cloud-id (>=0.2.3,<0.3.0) ; extra == "secrets"
 Requires-Dist: dateparser (>=1.1.8,<2.0.0)
 Requires-Dist: jose (>=1.0.0,<2.0.0) ; extra == "jose"
+Requires-Dist: jwcrypto (>=1.5.6,<2.0.0) ; extra == "jwcrypto"
 Requires-Dist: pymysql (>=1.1.0,<2.0.0) ; extra == "mysql"
 Requires-Dist: requests (>=2.31.0,<3.0.0)
 Project-URL: Repository, https://github.com/cmancone/clearskies

{clear_skies-1.19.20.dist-info → clear_skies-1.19.21.dist-info}/RECORD

@@ -1,10 +1,11 @@
 clearskies/__init__.py,sha256=Iz_VxSgiqM6VtGXoUsB_yVKFy_uWvcf071w803wJ8EE,832
 clearskies/application.py,sha256=_gYGIUGdVE5fAS9dwxRZ1gDpDjqGo7-twVt_VxI6XVE,966
-clearskies/authentication/__init__.py,sha256=sAU6m9c8cJECfLa-hY-BxsSk5FVLb5Dvphb5u6AmULA,710
+clearskies/authentication/__init__.py,sha256=pHKJOfujgvNAbgzQpKVzEhWORwjAZTE4jKhJ50M7zts,900
 clearskies/authentication/auth0_jwks.py,sha256=bzqNaEoG_iPndwttRXuaKpgkDtgOCLAooyifl0I0ACI,4447
 clearskies/authentication/auth_exception.py,sha256=8Tay3Sim2K8vAZ6ldisSJyRyN0cwX7iyGHwfglSKW_A,41
 clearskies/authentication/authorization.py,sha256=eLzBrXMNr1gYoIBZTd8I6uH3R0CfMMjhvimkJt4Amrs,601
 clearskies/authentication/jwks.py,sha256=JsBG4U7eGoKO75CV6J39d91lrVWtjVn6n8fN9RpCYEc,2811
+clearskies/authentication/jwks_jwcrypto.py,sha256=Oq3lID1nXSSaBnmxzpz1TSByvyNbanUHNAmdqDsuM6k,1219
 clearskies/authentication/public.py,sha256=zNpglAILTU7koz22YaGpMOAtTn_dG8dAP4Q9REdbaOk,630
 clearskies/authentication/secret_bearer.py,sha256=OBkjvw4n-ZLRRtZEKyzdael03DYIwacvUxrj5V9h0Ow,2968
 clearskies/autodoc/__init__.py,sha256=JRUAmd0he8iGlgiZvxewLMIXJqnOFEdvlaKAtHpC2lo,124
@@ -199,7 +200,7 @@ clearskies/tests/simple_api/models/__init__.py,sha256=nUA0W6fgXw_Bxa9CudkaDkC80t
 clearskies/tests/simple_api/models/status.py,sha256=PEhPbaQh5qdUNHp8O0gz91LOLENAEBtqSaHxUPXchaM,699
 clearskies/tests/simple_api/models/user.py,sha256=5_P4Tp1tTdX7PkMJ__epPM5MA7JAeVYGas69vcWloLc,819
 clearskies/tests/simple_api/users_api.py,sha256=KYXCgEofDxHeRdQK67txN5oYUPvxxmB8JTku7L-apk4,2344
-clear_skies-1.19.20.dist-info/LICENSE,sha256=3Ehd0g3YOpCj8sqj0Xjq5qbOtjjgk9qzhhD9YjRQgOA,1053
-clear_skies-1.19.20.dist-info/METADATA,sha256=pGY_Nr8VLrTIxGc4KnBhrQscpkNiSxDDPMY1JyIqLH0,1624
-clear_skies-1.19.20.dist-info/WHEEL,sha256=d2fvjOD7sXsVzChCqf0Ty0JbHKBaLYwDbGQDwQTnJ50,88
-clear_skies-1.19.20.dist-info/RECORD,,
+clear_skies-1.19.21.dist-info/LICENSE,sha256=3Ehd0g3YOpCj8sqj0Xjq5qbOtjjgk9qzhhD9YjRQgOA,1053
+clear_skies-1.19.21.dist-info/METADATA,sha256=bfO7PgqWiYWKhHbfeXfUeXfN3Ku9UVvKNYkAyKLh1rI,1712
+clear_skies-1.19.21.dist-info/WHEEL,sha256=d2fvjOD7sXsVzChCqf0Ty0JbHKBaLYwDbGQDwQTnJ50,88
+clear_skies-1.19.21.dist-info/RECORD,,

clearskies/authentication/__init__.py

@@ -4,6 +4,7 @@ from .public import Public
 from .auth0_jwks import Auth0JWKS
 from .authorization import Authorization
 from .jwks import JWKS
+from .jwks_jwcrypto import JWKSJwCrypto
 
 
 def public():
@@ -22,6 +23,10 @@ def jwks(jwks_url, **kwargs):
     return BindingConfig(JWKS, jwks_url=jwks_url, **kwargs)
 
 
+def jwks_jwcrypto(jwks_url, **kwargs):
+    return BindingConfig(JWKSJwCrypto, jwks_url=jwks_url, **kwargs)
+
+
 __all__ = [
     "Authorization",
     "BindingConfig",
@@ -34,4 +39,6 @@ __all__ = [
     "authorization",
     "jwks",
     "JWKS",
+    "jwks_jwcrypto",
+    "JWKSJwCrypto",
 ]

clearskies/authentication/jwks_jwcrypto.py

@@ -0,0 +1,39 @@
+import datetime
+import json
+
+from clearskies.authentication import JWKS
+from clearskies.handlers.exceptions import ClientError
+
+
+class JWKSJwCrypto(JWKS):
+    def __init__(self, environment, requests):
+        # the third parameter is supposed to be jose_jwt, but we're going to override all
+        # the functions that use it
+        super().__init__(environment, requests, {})
+
+    def validate_jwt(self, raw_jwt):
+        from jwcrypto import jws, jwk, jwt
+        from jwcrypto.common import JWException
+
+        keys = jwk.JWKSet()
+        keys.import_keyset(json.dumps(self._get_jwks()))
+
+        client_jwt = jwt.JWT()
+        try:
+            client_jwt.deserialize(raw_jwt)
+        except Exception as e:
+            raise ClientError(str(e))
+
+        try:
+            client_jwt.validate(keys)
+            self.jwt_claims = json.loads(client_jwt.claims)
+        except JWException as e:
+            raise ClientError(str(e))
+
+        if self._audience and self.jwt_claims.get("aud") != self._audience:
+            raise ClientError("Audience does not match")
+
+        if self._issuer and self.jwt_claims.get("iss") != self._issuer:
+            raise ClientError("Issuer does not match")
+
+        return True