fastapi-factory-utilities 0.3.3__py3-none-any.whl → 0.8.2__py3-none-any.whl

fastapi_factory_utilities/core/security/abstracts.py

@@ -0,0 +1,42 @@
+"""Provides the security authentication abstract classes."""
+
+from abc import ABC, abstractmethod
+
+from fastapi import Request
+
+
+class AuthenticationAbstract(ABC):
+    """Authentication abstract class."""
+
+    def __init__(self, raise_exception: bool = True) -> None:
+        """Initialize the authentication abstract class.
+
+        Args:
+            raise_exception (bool): Whether to raise an exception or return None.
+        """
+        self._raise_exception: bool = raise_exception
+        self._errors: list[Exception] = []
+
+    def has_errors(self) -> bool:
+        """Check if the authentication has errors.
+
+        Returns:
+            bool: True if the authentication has errors, False otherwise.
+        """
+        return len(self._errors) > 0
+
+    def raise_exception(self, exception: Exception) -> None:
+        """Raise the exception if the authentication has errors.
+
+        Args:
+            exception (Exception): The exception to raise.
+        """
+        if self._raise_exception:
+            raise exception
+        else:
+            self._errors.append(exception)
+
+    @abstractmethod
+    async def authenticate(self, request: Request) -> None:
+        """Authenticate the request."""
+        raise NotImplementedError()

fastapi_factory_utilities/core/security/jwt/__init__.py

@@ -0,0 +1,41 @@
+"""Provides security-related functions for the API."""
+
+from .configs import JWTBearerAuthenticationConfig
+from .decoders import (
+    JWTBearerTokenDecoder,
+    JWTBearerTokenDecoderAbstract,
+)
+from .exceptions import (
+    InvalidJWTError,
+    InvalidJWTPayploadError,
+    JWTAuthenticationError,
+    MissingJWTCredentialsError,
+    NotVerifiedJWTError,
+)
+from .objects import JWTPayload
+from .services import (
+    JWTAuthenticationService,
+    JWTAuthenticationServiceAbstract,
+)
+from .stores import JWKStoreAbstract, JWKStoreMemory
+from .types import OAuth2Scope
+from .verifiers import JWTNoneVerifier, JWTVerifierAbstract
+
+__all__: list[str] = [
+    "InvalidJWTError",
+    "InvalidJWTPayploadError",
+    "JWKStoreAbstract",
+    "JWKStoreMemory",
+    "JWTAuthenticationError",
+    "JWTAuthenticationService",
+    "JWTAuthenticationServiceAbstract",
+    "JWTBearerAuthenticationConfig",
+    "JWTBearerTokenDecoder",
+    "JWTBearerTokenDecoderAbstract",
+    "JWTNoneVerifier",
+    "JWTPayload",
+    "JWTVerifierAbstract",
+    "MissingJWTCredentialsError",
+    "NotVerifiedJWTError",
+    "OAuth2Scope",
+]

fastapi_factory_utilities/core/security/jwt/configs.py

@@ -0,0 +1,32 @@
+"""Provides the configurations for the JWT bearer token."""
+
+from typing import ClassVar
+
+from jwt.algorithms import get_default_algorithms, requires_cryptography
+from pydantic import BaseModel, ConfigDict, Field, field_validator
+
+
+class JWTBearerAuthenticationConfig(BaseModel):
+    """JWT bearer token authentication configuration."""
+
+    model_config: ClassVar[ConfigDict] = ConfigDict(frozen=True, extra="forbid")
+
+    authorized_algorithms: list[str] = Field(
+        default_factory=lambda: list(get_default_algorithms().keys()), description="The authorized algorithms."
+    )
+
+    audience: str = Field(description="The audience to be included in the JWT token.")
+    authorized_audiences: list[str] | None = Field(default=None, description="The authorized audiences.")
+    authorized_issuers: list[str] | None = Field(default=None, description="The authorized issuers.")
+
+    @field_validator("authorized_algorithms")
+    @classmethod
+    def validate_authorized_algorithms(cls, v: list[str]) -> list[str]:
+        """Validate the authorized algorithms."""
+        invalid_algorithms: list[str] = []
+        for algorithm in v:
+            if algorithm not in requires_cryptography:
+                invalid_algorithms.append(algorithm)
+        if invalid_algorithms:
+            raise ValueError(f"Invalid algorithms: {invalid_algorithms}")
+        return v

fastapi_factory_utilities/core/security/jwt/decoders.py

@@ -0,0 +1,130 @@
+"""Provides the JWT bearer token decoders.
+
+Can be implemented to support different JWT bearer token formats or additional claims.
+https://www.iana.org/assignments/jwt/jwt.xhtml#claims
+"""
+
+from abc import ABC, abstractmethod
+from typing import Any, Generic, TypeVar
+
+from jwt import InvalidTokenError, decode, get_unverified_header
+from jwt.api_jwk import PyJWK
+from pydantic import ValidationError
+
+from .configs import JWTBearerAuthenticationConfig
+from .exceptions import InvalidJWTError, InvalidJWTPayploadError
+from .objects import JWTPayload
+from .stores import JWKStoreAbstract
+from .types import JWTToken, OAuth2Subject
+
+JWTBearerPayloadGeneric = TypeVar("JWTBearerPayloadGeneric", bound=JWTPayload)
+
+
+async def decode_jwt_token_payload(
+    jwt_token: JWTToken,
+    public_key: PyJWK,
+    jwt_bearer_authentication_config: JWTBearerAuthenticationConfig,
+    subject: OAuth2Subject | None = None,
+) -> dict[str, Any]:
+    """Decode the JWT bearer token payload.
+
+    Args:
+        jwt_token (JWTToken): The JWT bearer token.
+        public_key (PyJWK): The public key.
+        jwt_bearer_authentication_config (JWTBearerAuthenticationConfig): The JWT bearer authentication configuration.
+        subject (OAuth2Subject | None): The subject.
+
+    Returns:
+        dict[str, Any]: The decoded JWT bearer token payload.
+
+    Raises:
+        JWTBearerTokenDecoderError: If the JWT bearer token is invalid.
+    """
+    # Additional kwargs for the decode function
+    kwargs: dict[str, Any] = {}
+    if jwt_bearer_authentication_config.authorized_issuers:
+        kwargs["issuer"] = jwt_bearer_authentication_config.authorized_issuers
+    if jwt_bearer_authentication_config.authorized_audiences:
+        kwargs["audience"] = jwt_bearer_authentication_config.authorized_audiences
+    if subject:
+        kwargs["subject"] = subject
+    # Decode the JWT bearer token payload
+    try:
+        return decode(
+            jwt=jwt_token,
+            key=public_key,
+            algorithms=jwt_bearer_authentication_config.authorized_algorithms,
+            options={"verify_signature": True},
+            **kwargs,
+        )
+    except InvalidTokenError as e:
+        raise InvalidJWTError("Failed to decode the JWT bearer token payload") from e
+
+
+class JWTBearerTokenDecoderAbstract(ABC, Generic[JWTBearerPayloadGeneric]):
+    """JWT bearer token decoder."""
+
+    def get_kid_from_jwt_unsafe_header(self, jwt_token: JWTToken) -> str:
+        """Get the kid from the JWT header.
+
+        Args:
+            jwt_token (JWTToken): The JWT bearer token.
+
+        Returns:
+            str: The kid.
+        """
+        try:
+            jwt_unsafe_headers: dict[str, Any] = get_unverified_header(jwt_token)
+            return jwt_unsafe_headers["kid"]
+        except (KeyError, InvalidTokenError) as e:
+            raise InvalidJWTError("Failed to get the kid from the JWT header") from e
+
+    @abstractmethod
+    async def decode_payload(self, jwt_token: JWTToken) -> JWTBearerPayloadGeneric:
+        """Decode the JWT bearer token payload.
+
+        Args:
+            jwt_token (JWTToken): The JWT bearer token.
+
+        Returns:
+            JWTBearerPayloadGeneric: The decoded JWT bearer token payload.
+
+        Raises:
+            InvalidJWTError: If the JWT bearer token is invalid.
+            InvalidJWTPayploadError: If the JWT bearer token payload is invalid.
+        """
+        raise NotImplementedError()
+
+
+class JWTBearerTokenDecoder(JWTBearerTokenDecoderAbstract[JWTPayload]):
+    """JWT bearer token classic decoder."""
+
+    def __init__(
+        self, jwt_bearer_authentication_config: JWTBearerAuthenticationConfig, jwks_store: JWKStoreAbstract
+    ) -> None:
+        """Initialize the JWT bearer token classic decoder.
+
+        Args:
+            jwt_bearer_authentication_config (JWTBearerAuthenticationConfig): The JWT bearer authentication
+            configuration.
+            jwks_store (JWKStoreAbstract): The JWKS store.
+        """
+        self._jwt_bearer_authentication_config: JWTBearerAuthenticationConfig = jwt_bearer_authentication_config
+        self._jwks_store: JWKStoreAbstract = jwks_store
+
+    async def decode_payload(self, jwt_token: JWTToken) -> JWTPayload:
+        """Decode the JWT bearer token."""
+        # Get the kid from the JWT header
+        kid: str = self.get_kid_from_jwt_unsafe_header(jwt_token=jwt_token)
+        # Get the JWK from the JWKS store
+        jwk: PyJWK = await self._jwks_store.get_jwk(kid=kid)
+        # Decode the JWT bearer token payload
+        jwt_decoded: dict[str, Any] = await decode_jwt_token_payload(
+            jwt_token=jwt_token,
+            public_key=jwk,
+            jwt_bearer_authentication_config=self._jwt_bearer_authentication_config,
+        )
+        try:
+            return JWTPayload.model_validate(jwt_decoded)
+        except ValidationError as e:
+            raise InvalidJWTPayploadError("Failed to validate the JWT bearer token payload") from e

fastapi_factory_utilities/core/security/jwt/exceptions.py

@@ -0,0 +1,23 @@
+"""Provides the exceptions for the JWT authentication."""
+
+from fastapi_factory_utilities.core.exceptions import FastAPIFactoryUtilitiesError
+
+
+class JWTAuthenticationError(FastAPIFactoryUtilitiesError):
+    """JWT authentication error."""
+
+
+class MissingJWTCredentialsError(JWTAuthenticationError):
+    """Missing JWT authentication credentials error."""
+
+
+class InvalidJWTError(JWTAuthenticationError):
+    """Invalid JWT authentication credentials error."""
+
+
+class InvalidJWTPayploadError(JWTAuthenticationError):
+    """Invalid JWT payload error."""
+
+
+class NotVerifiedJWTError(JWTAuthenticationError):
+    """Not verified JWT error."""

fastapi_factory_utilities/core/security/jwt/objects.py

@@ -0,0 +1,107 @@
+"""Provides the JWT bearer token objects."""
+
+import datetime
+from typing import Annotated, Any, ClassVar
+
+from pydantic import BaseModel, BeforeValidator, ConfigDict, Field
+
+from .types import OAuth2Audience, OAuth2Issuer, OAuth2Scope, OAuth2Subject
+
+
+def validate_string_list_field(value: Any) -> list[str]:
+    """Validate a string list field.
+
+    Accepts either a space-separated string or a list of strings.
+    Converts all values to lowercase strings.
+
+    Args:
+        value: Either a string (space-separated) or a list of strings.
+
+    Returns:
+        A list of lowercase strings.
+
+    Raises:
+        ValueError: If the value is not a string or list, or if the resulting list is empty.
+    """
+    cleaned_value: list[str]
+    if isinstance(value, str):
+        cleaned_value = value.split(sep=" ")
+    elif isinstance(value, list):
+        cleaned_value = [str(item) for item in value if item is not None]
+    else:
+        raise ValueError(f"Invalid value type: expected str or list, got {type(value).__name__}")
+    cleaned_value = [item.lower() for item in cleaned_value if item.strip()]
+    if len(cleaned_value) == 0:
+        raise ValueError("Invalid value: empty list after processing")
+    return cleaned_value
+
+
+def validate_timestamp_field(value: Any) -> datetime.datetime:
+    """Validate a timestamp field.
+
+    Accepts either a Unix timestamp (int or string) or a datetime object.
+    Converts timestamps to UTC datetime objects.
+
+    Args:
+        value: Either a Unix timestamp (int or string) or a datetime object.
+
+    Returns:
+        A datetime object in UTC timezone.
+
+    Raises:
+        ValueError: If the value cannot be converted to a datetime.
+    """
+    if isinstance(value, datetime.datetime):
+        return value
+    if isinstance(value, str):
+        try:
+            value = int(value)
+        except ValueError as e:
+            raise ValueError(f"Invalid timestamp string: {value}") from e
+    if isinstance(value, int):
+        try:
+            return datetime.datetime.fromtimestamp(value, tz=datetime.UTC)
+        except (ValueError, OSError) as e:
+            raise ValueError(f"Invalid timestamp value: {value}") from e
+    raise ValueError(f"Invalid value type: expected int, str, or datetime, got {type(value).__name__}")
+
+
+class JWTPayload(BaseModel):
+    """JWT bearer token payload.
+
+    Represents a decoded JWT bearer token with OAuth2 claims.
+    All fields are required and validated according to OAuth2/JWT standards.
+
+    Attributes:
+        scope: List of OAuth2 scopes granted by the token.
+        aud: List of audiences (intended recipients) of the token.
+        iss: The issuer of the JWT token.
+        exp: The expiration date/time of the JWT token (UTC).
+        iat: The issued at date/time of the JWT token (UTC).
+        nbf: The not before date/time of the JWT token (UTC).
+        sub: The subject (user identifier) of the JWT token.
+    """
+
+    model_config: ClassVar[ConfigDict] = ConfigDict(
+        arbitrary_types_allowed=True,
+        extra="ignore",
+        frozen=True,
+    )
+
+    scope: Annotated[list[OAuth2Scope], BeforeValidator(validate_string_list_field)] = Field(
+        description="The scope of the JWT token."
+    )
+    aud: Annotated[list[OAuth2Audience], BeforeValidator(validate_string_list_field)] = Field(
+        description="The audiences of the JWT token."
+    )
+    iss: OAuth2Issuer = Field(description="The issuer of the JWT token.")
+    exp: Annotated[datetime.datetime, BeforeValidator(validate_timestamp_field)] = Field(
+        description="The expiration date of the JWT token."
+    )
+    iat: Annotated[datetime.datetime, BeforeValidator(validate_timestamp_field)] = Field(
+        description="The issued at date of the JWT token."
+    )
+    nbf: Annotated[datetime.datetime, BeforeValidator(validate_timestamp_field)] = Field(
+        description="The not before date of the JWT token."
+    )
+    sub: OAuth2Subject = Field(description="The subject of the JWT token.")

fastapi_factory_utilities/core/security/jwt/services.py

@@ -0,0 +1,176 @@
+"""Provides the JWT bearer authentication service."""
+
+from http import HTTPStatus
+from typing import Generic, TypeVar
+
+from fastapi import HTTPException, Request
+
+from fastapi_factory_utilities.core.security.abstracts import AuthenticationAbstract
+
+from .configs import JWTBearerAuthenticationConfig
+from .decoders import JWTBearerTokenDecoder, JWTBearerTokenDecoderAbstract
+from .exceptions import InvalidJWTError, InvalidJWTPayploadError, MissingJWTCredentialsError, NotVerifiedJWTError
+from .objects import JWTPayload
+from .stores import JWKStoreAbstract
+from .types import JWTToken
+from .verifiers import JWTNoneVerifier, JWTVerifierAbstract
+
+JWTBearerPayloadGeneric = TypeVar("JWTBearerPayloadGeneric", bound=JWTPayload)
+
+
+class JWTAuthenticationServiceAbstract(AuthenticationAbstract, Generic[JWTBearerPayloadGeneric]):
+    """JWT authentication service.
+
+    This service is the orchestrator for the JWT bearer authentication.
+    """
+
+    def __init__(
+        self,
+        jwt_bearer_authentication_config: JWTBearerAuthenticationConfig,
+        jwt_verifier: JWTVerifierAbstract[JWTBearerPayloadGeneric],
+        jwt_decoder: JWTBearerTokenDecoderAbstract[JWTBearerPayloadGeneric],
+        raise_exception: bool = True,
+    ) -> None:
+        """Initialize the JWT bearer authentication service.
+
+        Args:
+            jwt_bearer_authentication_config (JWTBearerAuthenticationConfig): The JWT bearer authentication
+            configuration.
+            jwt_verifier (JWTVerifierAbstract): The JWT bearer token verifier.
+            jwt_decoder (JWTBearerTokenDecoderAbstract[JWTBearerPayloadGeneric]): The JWT bearer token decoder.
+            raise_exception (bool, optional): Whether to raise an exception or return None. Defaults to True.
+        """
+        # Configuration and Behavior
+        self._jwt_bearer_authentication_config: JWTBearerAuthenticationConfig = jwt_bearer_authentication_config
+        self._jwt_verifier: JWTVerifierAbstract[JWTBearerPayloadGeneric] = jwt_verifier
+        self._jwt_decoder: JWTBearerTokenDecoderAbstract[JWTBearerPayloadGeneric] = jwt_decoder
+        # Runtime variables
+        self._jwt: JWTToken | None = None
+        self._jwt_payload: JWTBearerPayloadGeneric | None = None
+        super().__init__(raise_exception=raise_exception)
+
+    @property
+    def verifier(self) -> JWTVerifierAbstract[JWTBearerPayloadGeneric]:
+        """Get the JWT bearer token verifier.
+
+        Returns:
+            JWTVerifierAbstract[JWTBearerPayloadGeneric]: The JWT bearer token verifier.
+        """
+        return self._jwt_verifier
+
+    @property
+    def decoder(self) -> JWTBearerTokenDecoderAbstract[JWTBearerPayloadGeneric]:
+        """Get the JWT bearer token decoder.
+
+        Returns:
+            JWTBearerTokenDecoderAbstract[JWTBearerPayloadGeneric]: The JWT bearer token decoder.
+        """
+        return self._jwt_decoder
+
+    @classmethod
+    def extract_authorization_header_from_request(cls, request: Request) -> str:
+        """Extract the authorization header from the request.
+
+        Args:
+            request (Request): The request object.
+
+        Returns:
+            str: The authorization header.
+
+        Raises:
+            MissingJWTCredentialsError: If the authorization header is missing.
+        """
+        authorization_header: str | None = request.headers.get("Authorization", None)
+        if not authorization_header:
+            raise MissingJWTCredentialsError(message="Missing Credentials")
+        return authorization_header
+
+    @classmethod
+    def extract_bearer_token_from_authorization_header(cls, authorization_header: str) -> JWTToken:
+        """Extract the bearer token from the authorization header.
+
+        Args:
+            authorization_header (str): The authorization header.
+
+        Returns:
+            JWTToken: The bearer token.
+
+        Raises:
+            InvalidJWTError: If the authorization header is invalid.
+        """
+        if not authorization_header.startswith("Bearer "):
+            raise InvalidJWTError(message="Invalid Credentials")
+        return JWTToken(authorization_header.split(sep=" ")[1])
+
+    @property
+    def payload(self) -> JWTBearerPayloadGeneric | None:
+        """Get the JWT bearer payload.
+
+        Returns:
+            JWTBearerPayloadGeneric | None: The JWT bearer payload, or None if not authenticated yet.
+        """
+        return self._jwt_payload
+
+    async def authenticate(self, request: Request) -> None:
+        """Authenticate the JWT bearer token.
+
+        Args:
+            request (Request): The request object.
+
+        Returns:
+            None: If the authentication is successful or not raise_exception is False.
+
+        Raises:
+            MissingJWTCredentialsError: If the authorization header is missing.
+            InvalidJWTError: If the authorization header is invalid.
+            InvalidJWTPayploadError: If the JWT bearer token payload is invalid.
+            NotVerifiedJWTError: If the JWT bearer token is not verified.
+        """
+        authorization_header: str
+        try:
+            authorization_header = self.extract_authorization_header_from_request(request=request)
+            self._jwt = self.extract_bearer_token_from_authorization_header(authorization_header=authorization_header)
+        except (MissingJWTCredentialsError, InvalidJWTError) as e:
+            return self.raise_exception(HTTPException(status_code=HTTPStatus.UNAUTHORIZED, detail=str(e)))
+
+        try:
+            self._jwt_payload = await self._jwt_decoder.decode_payload(jwt_token=self._jwt)
+        except (InvalidJWTError, InvalidJWTPayploadError) as e:
+            return self.raise_exception(HTTPException(status_code=HTTPStatus.FORBIDDEN, detail=str(e)))
+
+        try:
+            await self._jwt_verifier.verify(jwt_token=self._jwt, jwt_payload=self._jwt_payload)
+        except NotVerifiedJWTError as e:
+            return self.raise_exception(HTTPException(status_code=HTTPStatus.FORBIDDEN, detail=str(e)))
+
+        return
+
+
+class JWTAuthenticationService(JWTAuthenticationServiceAbstract[JWTPayload]):
+    """JWT bearer authentication service."""
+
+    def __init__(
+        self,
+        jwt_bearer_authentication_config: JWTBearerAuthenticationConfig,
+        jwks_store: JWKStoreAbstract,
+        raise_exception: bool = True,
+    ) -> None:
+        """Initialize the JWT bearer authentication service.
+
+        Don't enforce the public_key from configuration, for the developper to
+        provide it through the dependency injection freely from any source.
+
+        Args:
+            jwt_bearer_authentication_config (JWTBearerAuthenticationConfig): The JWT bearer authentication
+            configuration.
+            jwks_store (JWKStoreAbstract): The JWKS store.
+            raise_exception (bool, optional): Whether to raise an exception or return None. Defaults to True.
+        """
+        super().__init__(
+            jwt_bearer_authentication_config=jwt_bearer_authentication_config,
+            jwt_verifier=JWTNoneVerifier(),
+            jwt_decoder=JWTBearerTokenDecoder(
+                jwt_bearer_authentication_config=jwt_bearer_authentication_config, jwks_store=jwks_store
+            ),
+            raise_exception=raise_exception,
+        )

fastapi_factory_utilities/core/security/jwt/stores.py

@@ -0,0 +1,43 @@
+"""Provides the JWK stores."""
+
+from abc import ABC, abstractmethod
+from asyncio import Lock
+
+from jwt.api_jwk import PyJWK, PyJWKSet
+
+
+class JWKStoreAbstract(ABC):
+    """JWK store abstract class."""
+
+    async def get_jwk(self, kid: str) -> PyJWK:
+        """Get the JWK from the store."""
+        return (await self.get_jwks())[kid]
+
+    @abstractmethod
+    async def get_jwks(self) -> PyJWKSet:
+        """Get the JWKS from the store."""
+        raise NotImplementedError()
+
+    @abstractmethod
+    async def store_jwks(self, jwks: PyJWKSet) -> None:
+        """Store the JWKS in the store."""
+        raise NotImplementedError()
+
+
+class JWKStoreMemory(JWKStoreAbstract):
+    """JWK store in memory. Concurrent safe."""
+
+    def __init__(self) -> None:
+        """Initialize the JWK store in memory."""
+        self._jwks: PyJWKSet = PyJWKSet([])
+        self._lock: Lock = Lock()
+
+    async def get_jwks(self) -> PyJWKSet:
+        """Get the JWKS from the store."""
+        async with self._lock:
+            return self._jwks
+
+    async def store_jwks(self, jwks: PyJWKSet) -> None:
+        """Store the JWKS in the store."""
+        async with self._lock:
+            self._jwks = jwks

fastapi_factory_utilities/core/security/jwt/types.py

@@ -0,0 +1,9 @@
+"""Provides the JWT bearer token types."""
+
+from typing import NewType
+
+JWTToken = NewType("JWTToken", str)
+OAuth2Scope = NewType("OAuth2Scope", str)
+OAuth2Audience = NewType("OAuth2Audience", str)
+OAuth2Issuer = NewType("OAuth2Issuer", str)
+OAuth2Subject = NewType("OAuth2Subject", str)

fastapi_factory_utilities/core/security/jwt/verifiers.py

@@ -0,0 +1,46 @@
+"""Provides the JWT bearer token validator."""
+
+from abc import ABC, abstractmethod
+from typing import Generic, TypeVar
+
+from .objects import JWTPayload
+from .types import JWTToken
+
+JWTBearerPayloadGeneric = TypeVar("JWTBearerPayloadGeneric", bound=JWTPayload)
+
+
+class JWTVerifierAbstract(ABC, Generic[JWTBearerPayloadGeneric]):
+    """JWT verifier."""
+
+    @abstractmethod
+    async def verify(
+        self,
+        jwt_token: JWTToken,
+        jwt_payload: JWTBearerPayloadGeneric,
+    ) -> None:
+        """Verify the JWT bearer token.
+
+        Args:
+            jwt_token (JWTToken): The JWT bearer token.
+            jwt_payload (JWTBearerPayloadGeneric): The JWT bearer payload.
+
+        Raises:
+            NotVerifiedJWTError: If the JWT bearer token is not verified.
+        """
+        raise NotImplementedError()
+
+
+class JWTNoneVerifier(JWTVerifierAbstract[JWTPayload]):
+    """JWT none verifier."""
+
+    async def verify(self, jwt_token: JWTToken, jwt_payload: JWTPayload) -> None:
+        """Verify the JWT bearer token.
+
+        Args:
+            jwt_token (JWTToken): The JWT bearer token.
+            jwt_payload (JWTBearerPayload): The JWT bearer payload.
+
+        Raises:
+            NotVerifiedJWTError: If the JWT bearer token is not verified.
+        """
+        return