pypomes-jwt 0.5.5__py3-none-any.whl → 0.5.7__py3-none-any.whl
Potentially problematic release.
This version of pypomes-jwt might be problematic. Click here for more details.
- pypomes_jwt/jwt_data.py +12 -16
- pypomes_jwt/jwt_pomes.py +15 -17
- {pypomes_jwt-0.5.5.dist-info → pypomes_jwt-0.5.7.dist-info}/METADATA +3 -2
- pypomes_jwt-0.5.7.dist-info/RECORD +7 -0
- pypomes_jwt-0.5.5.dist-info/RECORD +0 -7
- {pypomes_jwt-0.5.5.dist-info → pypomes_jwt-0.5.7.dist-info}/WHEEL +0 -0
- {pypomes_jwt-0.5.5.dist-info → pypomes_jwt-0.5.7.dist-info}/licenses/LICENSE +0 -0
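--- a/pypomes_jwt/jwt_data.py
+++ b/pypomes_jwt/jwt_data.py
@@ -63,14 +63,10 @@ class JwtData:
 private_key: bytes,
 public_key: bytes,
 request_timeout: float,
-local_provider: bool,
 logger: Logger = None) -> None:
 """
 Add to storage the parameters needed to obtain and validate JWT tokens.
 
-Protocol indication in *service_url* (typically *http:* or *https:*), is disregarded, to guarantee
-that processing herein will not be affected by in-transit protocol changes.
-
 Presently, the *refresh_max_age* data is not relevant, as the authorization parameters in *claims*
 (typically, an acess-key/secret-key pair), have been previously validated elsewhere.
 This situation might change in the future.
@@ -84,7 +80,6 @@ class JwtData:
 :param private_key: private key for RSA authentication
 :param public_key: public key for RSA authentication
 :param request_timeout: timeout for the requests to the service URL
-:param local_provider: whether 'service_url' is a local endpoint
 :param logger: optional logger
 """
 # obtain the item in storage
@@ -97,7 +92,6 @@ class JwtData:
 "algorithm": algorithm,
 "access-max-age": access_max_age,
 "request-timeout": request_timeout,
-"local-provider": local_provider,
 "refresh-exp": datetime.now(tz=timezone.utc) + timedelta(seconds=refresh_max_age)
 }
 if algorithm in ["HS256", "HS512"]:
@@ -176,7 +170,7 @@ class JwtData:
 :raises InvalidIssuerError: 'iss' claim does not match the expected issuer
 :raises InvalidIssuedAtError: 'iat' claim is non-numeric
 :raises MissingRequiredClaimError: a required claim is not contained in the claimset
-:raises RuntimeError: access data not found for the given
+:raises RuntimeError: access data not found for the given *service_url*, or
 the remote JWT provider failed to return a token
 """
 # declare the return variable
@@ -253,7 +247,7 @@ class JwtData:
 
 :param token: the token to be inspected for claims
 :param logger: optional logger
-:return: the token's claimset, or
+:return: the token's claimset, or *None* if error
 :raises InvalidTokenError: token is not valid
 :raises ExpiredSignatureError: token has expired
 """
@@ -283,16 +277,18 @@ class JwtData:
 def retrieve_access_data(self,
 service_url: str,
 logger: Logger = None) -> dict[str, dict[str, Any]]:
+# noinspection HttpUrlsUsage
 """
-
+Retrieve and return the access data in storage corresponding to *service_url*.
 
-
-
+For the purpose of retrieving access data, Protocol indication in *service_url*
+(typically, *http://* or *https://*), is disregarded. This guarantees
+that processing herein will not be affected by in-transit protocol changes.
 
-
-
-
-
+:param service_url: the reference URL for obtaining JWT tokens
+:param logger: optional logger
+:return: the corresponding item in storage, or *None* if not found
+"""
 # initialize the return variable
 result: dict[str, dict[str, Any]] | None = None
 
@@ -333,7 +329,7 @@ def jwt_request_token(errors: list[str],
 :param errors: incidental errors
 :param service_url: the reference URL for obtaining JWT tokens
 :param claims: the JWT claimset, as expected by the issuing server
-:param timeout: request timeout, in seconds (defaults to
+:param timeout: request timeout, in seconds (defaults to *None*)
 :param logger: optional logger
 """
 # initialize the return variable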
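Review bot: The return annotation of `retrieve_access_data` is still `-> dict[str, dict[str, Any]]`, while the docstring added in the `@@ -283,16 +277,18 @@` hunk promises `*None* if not found` and the local is declared `dict[str, dict[str, Any]] | None`; the signature line should end `logger: Logger = None) -> dict[str, dict[str, Any]] | None:` so type checkers make callers handle a miss. The same docstring says the scheme in *service_url* is disregarded for the lookup, and it should also state which scheme the outbound token request then uses. If an entry registered under `https://` can be matched by an `http://` URL and that URL is later used for the request, the claims (described in the first hunk as typically an access-key/secret-key pair) could travel in cleartext. The body of the method continues outside the hunk, so the lookup and the request are not visible here and this needs confirming against the full file.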
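--- a/pypomes_jwt/jwt_pomes.py
+++ b/pypomes_jwt/jwt_pomes.py
@@ -16,7 +16,7 @@ JWT_REFRESH_MAX_AGE: Final[int] = env_get_int(key=f"{APP_PREFIX}_JWT_REFRESH_MAX
 def_value=43200)
 JWT_HS_SECRET_KEY: Final[bytes] = env_get_bytes(key=f"{APP_PREFIX}_JWT_HS_SECRET_KEY",
 def_value=token_bytes(32))
-# must
+# must invoke 'jwt_service()' below
 JWT_ENDPOINT_URL: Final[str] = env_get_str(key=f"{APP_PREFIX}_JWT_ENDPOINT_URL")
 
 __priv_key: bytes = env_get_bytes(key=f"{APP_PREFIX}_JWT_RSA_PRIVATE_KEY")
@@ -58,14 +58,10 @@ def jwt_set_service_access(service_url: str,
 private_key: bytes = JWT_RSA_PRIVATE_KEY,
 public_key: bytes = JWT_RSA_PUBLIC_KEY,
 request_timeout: int = None,
-local_provider: bool = False,
 logger: Logger = None) -> None:
 """
 Set the data needed to obtain JWT tokens from *service_url*.
 
-Protocol indication in *service_url* (typically *http:* or *https:*), is disregarded, to guarantee
-that processing herein will not be affected by in-transit protocol changes.
-
 :param service_url: the reference URL
 :param claims: the JWT claimset, as key-value pairs
 :param algorithm: the authentication type
@@ -75,16 +71,14 @@ def jwt_set_service_access(service_url: str,
 :param private_key: private key for RSA authentication
 :param public_key: public key for RSA authentication
 :param request_timeout: timeout for the requests to the service URL
-:param local_provider: whether 'service_url' is a local endpoint
 :param logger: optional logger
 """
 # extract the extra claims
 pos: int = service_url.find("?")
 if pos > 0:
-
-
-
-claims[param.split("=")[0]] = param.split("=")[1]
+params: list[str] = service_url[pos+1:].split(sep="&")
+for param in params:
+claims[param.split("=")[0]] = param.split("=")[1]
 service_url = service_url[:pos]
 
 # register the JWT service
@@ -97,7 +91,6 @@ def jwt_set_service_access(service_url: str,
 private_key=private_key,
 public_key=public_key,
 request_timeout=request_timeout,
-local_provider=local_provider,
 logger=logger)
 
 
@@ -231,10 +224,9 @@ def jwt_verify_request(request: Request,
 return result
 
 
-# @flask_app.route(rule="/jwt-service",
-# methods=["POST"])
 def jwt_service(service_url: str = None,
-service_params: dict[str, Any] = None
+service_params: dict[str, Any] = None,
+logger: Logger = None) -> Response:
 """
 Entry point for obtaining JWT tokens.
 
@@ -254,7 +246,8 @@ def jwt_service(service_url: str = None,
 }
 
 :param service_url: the JWT reference URL, alternatively passed in JSON
-:param service_params: the optional JSON containing the request parameters (defaults to body
+:param service_params: the optional JSON containing the request parameters (defaults to JSON in body)
+:param logger: optional logger
 :return: the requested JWT token, along with its duration.
 """
 # declare the return variable
@@ -272,7 +265,8 @@ def jwt_service(service_url: str = None,
 if not service_url:
 service_url = params.get("service-url")
 if service_url:
-item_data: dict[str, dict[str, Any]] = __jwt_data.retrieve_access_data(service_url=service_url
+item_data: dict[str, dict[str, Any]] = __jwt_data.retrieve_access_data(service_url=service_url,
+logger=logger)
 if item_data:
 valid = True
 custom_claims: dict[str, Any] = item_data.get("custom-claims")
@@ -284,9 +278,13 @@ def jwt_service(service_url: str = None,
 # obtain the token data
 if valid:
 try:
-token_data: dict[str, Any] = __jwt_data.get_token_data(service_url=service_url
+token_data: dict[str, Any] = __jwt_data.get_token_data(service_url=service_url,
+logger=logger)
 result = jsonify(token_data)
 except Exception as e:
+# validation failed
+if logger:
+logger.error(msg=str(e))
 result = Response(response=str(e),
 status=401)
 else: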
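Review bot: In the `@@ -284,9 +278,13 @@` hunk of `jwt_service`, the `except Exception as e:` branch still returns `str(e)` as the body of the 401 response, so whatever text the JWT library or the remote provider placed in the exception reaches the caller. Now that the failure is logged, the response can carry a fixed message instead, e.g. `result = Response(response="JWT token could not be issued", status=401)`. The added `logger.error(msg=str(e))` drops the traceback; `logger.exception(msg="JWT token request failed")` would keep it in the log. The broad `Exception` catch also reports every failure as 401, presumably including the `RuntimeError` that jwt_data.py documents for a provider that fails to return a token, which a narrower `except` would separate from genuine authentication failures. `jwt_service` starts and ends outside this hunk, so how `result` is returned is not visible here.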
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: pypomes_jwt
|
|
3
|
-
Version: 0.5.
|
|
3
|
+
Version: 0.5.7
|
|
4
4
|
Summary: A collection of Python pomes, penyeach (JWT module)
|
|
5
5
|
Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-JWT
|
|
6
6
|
Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-JWT/issues
|
|
@@ -11,4 +11,5 @@ Classifier: Operating System :: OS Independent
|
|
|
11
11
|
Classifier: Programming Language :: Python :: 3
|
|
12
12
|
Requires-Python: >=3.12
|
|
13
13
|
Requires-Dist: pyjwt>=2.10.1
|
|
14
|
-
Requires-Dist:
|
|
14
|
+
Requires-Dist: pyopenssl>=25.0.0
|
|
15
|
+
Requires-Dist: pypomes-core>=1.7.1
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
pypomes_jwt/__init__.py,sha256=1IyBb94cZjkXMibHrH_vh043b06QFh5UQ6HTYSDau28,978
|
|
2
|
+
pypomes_jwt/jwt_data.py,sha256=5W8HjdX5lVHvDkaDmOEARgwmp7GFPCX-c_iYjB6eUrQ,17397
|
|
3
|
+
pypomes_jwt/jwt_pomes.py,sha256=sSYfgrh3Mnz3bddTjCvA-_FZWAaeqiHA9yMKkoPVO7M,11255
|
|
4
|
+
pypomes_jwt-0.5.7.dist-info/METADATA,sha256=859iRwQR97JIEQ85PGQOieETPdcHOSUcr5hDhNX34HM,596
|
|
5
|
+
pypomes_jwt-0.5.7.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
|
|
6
|
+
pypomes_jwt-0.5.7.dist-info/licenses/LICENSE,sha256=NdakochSXm_H_-DSL_x2JlRCkYikj3snYYvTwgR5d_c,1086
|
|
7
|
+
pypomes_jwt-0.5.7.dist-info/RECORD,,
|
|
@@ -1,7 +0,0 @@
|
|
|
1
|
-
pypomes_jwt/__init__.py,sha256=1IyBb94cZjkXMibHrH_vh043b06QFh5UQ6HTYSDau28,978
|
|
2
|
-
pypomes_jwt/jwt_data.py,sha256=dIRkXvEfM0aWXqJVeeeeGVLH2G5qGnhrpVygCoKj7ws,17602
|
|
3
|
-
pypomes_jwt/jwt_pomes.py,sha256=tKZd3eVMNsNNSJyQv0401JCwq_CPbwv8LxCnwiBBltM,11404
|
|
4
|
-
pypomes_jwt-0.5.5.dist-info/METADATA,sha256=afC2ceWYURWZtUNTzUkCgsL3gUdjBUbHdlKBAj79OVA,563
|
|
5
|
-
pypomes_jwt-0.5.5.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
|
|
6
|
-
pypomes_jwt-0.5.5.dist-info/licenses/LICENSE,sha256=NdakochSXm_H_-DSL_x2JlRCkYikj3snYYvTwgR5d_c,1086
|
|
7
|
-
pypomes_jwt-0.5.5.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|