clear-skies 1.19.21__py3-none-any.whl → 1.19.23__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of clear-skies might be problematic. Click here for more details.
- {clear_skies-1.19.21.dist-info → clear_skies-1.19.23.dist-info}/METADATA +1 -1
- {clear_skies-1.19.21.dist-info → clear_skies-1.19.23.dist-info}/RECORD +6 -6
- clearskies/authentication/jwks.py +13 -0
- clearskies/authentication/jwks_jwcrypto.py +15 -3
- {clear_skies-1.19.21.dist-info → clear_skies-1.19.23.dist-info}/LICENSE +0 -0
- {clear_skies-1.19.21.dist-info → clear_skies-1.19.23.dist-info}/WHEEL +0 -0
|
@@ -4,8 +4,8 @@ clearskies/authentication/__init__.py,sha256=pHKJOfujgvNAbgzQpKVzEhWORwjAZTE4jKh
|
|
|
4
4
|
clearskies/authentication/auth0_jwks.py,sha256=bzqNaEoG_iPndwttRXuaKpgkDtgOCLAooyifl0I0ACI,4447
|
|
5
5
|
clearskies/authentication/auth_exception.py,sha256=8Tay3Sim2K8vAZ6ldisSJyRyN0cwX7iyGHwfglSKW_A,41
|
|
6
6
|
clearskies/authentication/authorization.py,sha256=eLzBrXMNr1gYoIBZTd8I6uH3R0CfMMjhvimkJt4Amrs,601
|
|
7
|
-
clearskies/authentication/jwks.py,sha256=
|
|
8
|
-
clearskies/authentication/jwks_jwcrypto.py,sha256=
|
|
7
|
+
clearskies/authentication/jwks.py,sha256=AOrCkL7pVznTM6mbrQ3RVHCccws0b_yEtqEOe6NRw5k,3368
|
|
8
|
+
clearskies/authentication/jwks_jwcrypto.py,sha256=PqyQNJZY7P98qgdxNltwCWoPxsaWLDqPuMknB4u2mDc,1732
|
|
9
9
|
clearskies/authentication/public.py,sha256=zNpglAILTU7koz22YaGpMOAtTn_dG8dAP4Q9REdbaOk,630
|
|
10
10
|
clearskies/authentication/secret_bearer.py,sha256=OBkjvw4n-ZLRRtZEKyzdael03DYIwacvUxrj5V9h0Ow,2968
|
|
11
11
|
clearskies/autodoc/__init__.py,sha256=JRUAmd0he8iGlgiZvxewLMIXJqnOFEdvlaKAtHpC2lo,124
|
|
@@ -200,7 +200,7 @@ clearskies/tests/simple_api/models/__init__.py,sha256=nUA0W6fgXw_Bxa9CudkaDkC80t
|
|
|
200
200
|
clearskies/tests/simple_api/models/status.py,sha256=PEhPbaQh5qdUNHp8O0gz91LOLENAEBtqSaHxUPXchaM,699
|
|
201
201
|
clearskies/tests/simple_api/models/user.py,sha256=5_P4Tp1tTdX7PkMJ__epPM5MA7JAeVYGas69vcWloLc,819
|
|
202
202
|
clearskies/tests/simple_api/users_api.py,sha256=KYXCgEofDxHeRdQK67txN5oYUPvxxmB8JTku7L-apk4,2344
|
|
203
|
-
clear_skies-1.19.
|
|
204
|
-
clear_skies-1.19.
|
|
205
|
-
clear_skies-1.19.
|
|
206
|
-
clear_skies-1.19.
|
|
203
|
+
clear_skies-1.19.23.dist-info/LICENSE,sha256=3Ehd0g3YOpCj8sqj0Xjq5qbOtjjgk9qzhhD9YjRQgOA,1053
|
|
204
|
+
clear_skies-1.19.23.dist-info/METADATA,sha256=VMOL8V_K1hg1iEQoS8P7Wi8JUii5BikVafGmKUrqA0A,1712
|
|
205
|
+
clear_skies-1.19.23.dist-info/WHEEL,sha256=d2fvjOD7sXsVzChCqf0Ty0JbHKBaLYwDbGQDwQTnJ50,88
|
|
206
|
+
clear_skies-1.19.23.dist-info/RECORD,,
|
|
@@ -7,6 +7,7 @@ class JWKS(Auth0JWKS):
|
|
|
7
7
|
_audience = None
|
|
8
8
|
_jwks_url = None
|
|
9
9
|
_jwks_cache_time = None
|
|
10
|
+
_authorization_url = None
|
|
10
11
|
|
|
11
12
|
def __init__(self, environment, requests, jose_jwt):
|
|
12
13
|
super().__init__(environment, requests, jose_jwt)
|
|
@@ -18,6 +19,7 @@ class JWKS(Auth0JWKS):
|
|
|
18
19
|
audience=None,
|
|
19
20
|
issuer=None,
|
|
20
21
|
documentation_security_name=None,
|
|
22
|
+
authorization_url=None,
|
|
21
23
|
jwks_cache_time=86400,
|
|
22
24
|
):
|
|
23
25
|
self._audience = audience
|
|
@@ -28,6 +30,7 @@ class JWKS(Auth0JWKS):
|
|
|
28
30
|
raise ValueError("Must provide 'jwks_url' when using JWKS authentication")
|
|
29
31
|
self._algorithms = ["RS256"] if algorithms is None else algorithms
|
|
30
32
|
self._documentation_security_name = documentation_security_name
|
|
33
|
+
self._authorization_url = authorization_url if authorization_url else ""
|
|
31
34
|
|
|
32
35
|
def authenticate(self, input_output):
|
|
33
36
|
auth_header = input_output.get_request_header("authorization", True)
|
|
@@ -73,3 +76,13 @@ class JWKS(Auth0JWKS):
|
|
|
73
76
|
self._jwks_fetched = now
|
|
74
77
|
|
|
75
78
|
return self._jwks
|
|
79
|
+
|
|
80
|
+
def documentation_security_scheme(self):
|
|
81
|
+
return {
|
|
82
|
+
"type": "oauth2",
|
|
83
|
+
"description": "JWT based authentication",
|
|
84
|
+
"flows": {"implicit": {"authorizationUrl": self._authorization_url, "scopes": {}}},
|
|
85
|
+
}
|
|
86
|
+
|
|
87
|
+
def documentation_security_scheme_name(self):
|
|
88
|
+
return self._documentation_security_name if self._documentation_security_name is not None else "jwt"
|
|
@@ -30,10 +30,22 @@ class JWKSJwCrypto(JWKS):
|
|
|
30
30
|
except JWException as e:
|
|
31
31
|
raise ClientError(str(e))
|
|
32
32
|
|
|
33
|
-
if self._audience and self.jwt_claims.get("aud") != self._audience:
|
|
34
|
-
raise ClientError("Audience does not match")
|
|
35
|
-
|
|
36
33
|
if self._issuer and self.jwt_claims.get("iss") != self._issuer:
|
|
37
34
|
raise ClientError("Issuer does not match")
|
|
38
35
|
|
|
36
|
+
if self._audience:
|
|
37
|
+
jwt_audience = self.jwt_claims.get("aud")
|
|
38
|
+
if not jwt_audience:
|
|
39
|
+
raise ClientError("Audience does not match")
|
|
40
|
+
if isinstance(jwt_audience, str):
|
|
41
|
+
jwt_audience = [jwt_audience]
|
|
42
|
+
if not isinstance(jwt_audience, list):
|
|
43
|
+
raise ClientError("I don't understand the audience in that JWT")
|
|
44
|
+
has_match = False
|
|
45
|
+
for audience in jwt_audience:
|
|
46
|
+
if audience == self._audience:
|
|
47
|
+
has_match = True
|
|
48
|
+
if not has_match:
|
|
49
|
+
raise ClientError("Audience does not match")
|
|
50
|
+
|
|
39
51
|
return True
|
|
File without changes
|
|
File without changes
|