pypomes-jwt 0.9.2__py3-none-any.whl → 0.9.4__py3-none-any.whl
Potentially problematic release.
This version of pypomes-jwt might be problematic. Click here for more details.
- pypomes_jwt/__init__.py +4 -4
- pypomes_jwt/jwt_pomes.py +70 -29
- pypomes_jwt/jwt_registry.py +7 -15
- {pypomes_jwt-0.9.2.dist-info → pypomes_jwt-0.9.4.dist-info}/METADATA +1 -1
- pypomes_jwt-0.9.4.dist-info/RECORD +8 -0
- pypomes_jwt-0.9.2.dist-info/RECORD +0 -8
- {pypomes_jwt-0.9.2.dist-info → pypomes_jwt-0.9.4.dist-info}/WHEEL +0 -0
- {pypomes_jwt-0.9.2.dist-info → pypomes_jwt-0.9.4.dist-info}/licenses/LICENSE +0 -0
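--- a/pypomes_jwt/__init__.py
+++ b/pypomes_jwt/__init__.py
@@ -9,8 +9,8 @@ from .jwt_constants import (
 from .jwt_pomes import (
 jwt_needed, jwt_verify_request,
 jwt_assert_account, jwt_set_account, jwt_remove_account,
-jwt_issue_token, jwt_issue_tokens,
-jwt_validate_token, jwt_revoke_token
+jwt_issue_token, jwt_issue_tokens, jwt_refresh_tokens,
+jwt_get_claims, jwt_validate_token, jwt_revoke_token
 )
 
 __all__ = [
@@ -24,8 +24,8 @@ __all__ = [
 # jwt_pomes
 "jwt_needed", "jwt_verify_request",
 "jwt_assert_account", "jwt_set_account", "jwt_remove_account",
-"jwt_issue_token", "jwt_issue_tokens", "
-"jwt_validate_token", "jwt_revoke_token"
+"jwt_issue_token", "jwt_issue_tokens", "jwt_refresh_tokens",
+"jwt_get_claims", "jwt_validate_token", "jwt_revoke_token"
 ]
 
 from importlib.metadata import version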
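--- a/pypomes_jwt/jwt_pomes.py
+++ b/pypomes_jwt/jwt_pomes.py
@@ -94,10 +94,8 @@ def jwt_set_account(account_id: str,
 access_max_age: int = JWT_ACCESS_MAX_AGE,
 refresh_max_age: int = JWT_REFRESH_MAX_AGE,
 grace_interval: int = None,
-token_audience: str = None,
-token_nonce: str = None,
 request_timeout: int = None,
-remote_provider: bool =
+remote_provider: bool = None,
 logger: Logger = None) -> None:
 """
 Set the data needed to obtain JWT tokens for *account_id*.
@@ -108,8 +106,6 @@ def jwt_set_account(account_id: str,
 :param access_max_age: access token duration, in seconds
 :param refresh_max_age: refresh token duration, in seconds
 :param grace_interval: optional time to wait for token to be valid, in seconds
-:param token_audience: optional audience the token is intended for
-:param token_nonce: optional value used to associate a client session with a token
 :param request_timeout: timeout for the requests to the reference URL
 :param remote_provider: whether the JWT provider is a remote server
 :param logger: optional logger
@@ -132,8 +128,6 @@ def jwt_set_account(account_id: str,
 access_max_age=access_max_age,
 refresh_max_age=refresh_max_age,
 grace_interval=grace_interval,
-token_audience=token_audience,
-token_nonce=token_nonce,
 request_timeout=request_timeout,
 remote_provider=remote_provider,
 logger=logger)
@@ -263,7 +257,7 @@ def jwt_revoke_token(errors: list[str] | None,
 
 :param errors: incidental error messages
 :param account_id: the account identification
-:param refresh_token: the token to be
+:param refresh_token: the token to be revoked
 :param logger: optional logger
 :return: *True* if operation could be performed, *False* otherwise
 """
@@ -327,7 +321,7 @@ def jwt_issue_token(errors: list[str] | None,
 result: str | None = None
 
 if logger:
-logger.debug(msg=f"
+logger.debug(msg=f"Issuing a JWT token for '{account_id}'")
 op_errors: list[str] = []
 
 try:
@@ -355,7 +349,6 @@ def jwt_issue_token(errors: list[str] | None,
 def jwt_issue_tokens(errors: list[str] | None,
 account_id: str,
 account_claims: dict[str, Any] = None,
-refresh_token: str = None,
 logger: Logger = None) -> dict[str, Any]:
 """
 Issue the JWT tokens associated with *account_id*, for access and refresh operations.
@@ -376,7 +369,6 @@ def jwt_issue_tokens(errors: list[str] | None,
 :param errors: incidental error messages
 :param account_id: the account identification
 :param account_claims: if provided, may supercede registered claims
-:param refresh_token: if provided, defines a token refresh operation
 :param logger: optional logger
 :return: the JWT token data, or *None* if error
 """
@@ -384,34 +376,83 @@ def jwt_issue_tokens(errors: list[str] | None,
 result: dict[str, Any] | None = None
 
 if logger:
-logger.debug(msg=f"
+logger.debug(msg=f"Issuing a pair of JWT tokens for '{account_id}'")
+op_errors: list[str] = []
+
+try:
+result = __jwt_registry.issue_tokens(account_id=account_id,
+account_claims=account_claims,
+logger=logger)
+if logger:
+logger.debug(msg=f"Token data is '{result}'")
+except Exception as e:
+# token issuing failed
+op_errors.append(str(e))
+
+if op_errors:
+if logger:
+logger.error("; ".join(op_errors))
+if isinstance(errors, list):
+errors.extend(op_errors)
+
+return result
+
+
+def jwt_refresh_tokens(errors: list[str] | None,
+account_id: str,
+refresh_token: str = None,
+logger: Logger = None) -> dict[str, Any]:
+"""
+Issue the JWT tokens associated with *account_id*, for access and refresh operations.
+
+The claims in *refresh-token* are used on issuing the new tokens.
+
+Structure of the return data:
+{
+"access_token": <jwt-token>,
+"created_in": <timestamp>,
+"expires_in": <seconds-to-expiration>,
+"refresh_token": <jwt-token>
+}
+
+:param errors: incidental error messages
+:param account_id: the account identification
+:param refresh_token: the base refresh token
+:param logger: optional logger
+:return: the JWT token data, or *None* if error
+"""
+# inicialize the return variable
+result: dict[str, Any] | None = None
+
+if logger:
+logger.debug(msg=f"Refreshing a pair of JWT tokens for '{account_id}'")
 op_errors: list[str] = []
 
 # verify whether this refresh token is legitimate
 if refresh_token:
-account_claims = (jwt_validate_token(errors=op_errors,
-
-
-
-
-
+account_claims: dict[str, Any] = (jwt_validate_token(errors=op_errors,
+token=refresh_token,
+natures=["R"],
+account_id=account_id,
+logger=logger) or {}).get("payload")
+# revoke current refresh token
+if account_claims and jwt_revoke_token(errors=errors,
+account_id=account_id,
+refresh_token=refresh_token,
+logger=logger):
 account_claims.pop("exp", None)
 account_claims.pop("iat", None)
 account_claims.pop("iss", None)
 account_claims.pop("jti", None)
 account_claims.pop("nbt", None)
 account_claims.pop("sub", None)
-
-
-
-
-
-
-
-logger.debug(msg=f"Token data is '{result}'")
-except Exception as e:
-# token issuing failed
-op_errors.append(str(e))
+# issue tokens
+result = jwt_issue_tokens(errors=errors,
+account_id=account_id,
+account_claims=account_claims,
+logger=logger)
+else:
+op_errors.append("Refresh token was not provided")
 
 if op_errors:
 if logger: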
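Review bot: `jwt_issue_tokens` writes the freshly issued pair to the log with `logger.debug(msg=f"Token data is '{result}'")`, so anyone who can read debug output obtains a usable access token and refresh token. Log only non-secret context instead, for example `logger.debug(msg=f"Token pair issued for '{account_id}'")`. In `jwt_refresh_tokens` the old refresh token is revoked before `jwt_issue_tokens` runs, so a failure while issuing leaves the account without a valid refresh token; either document that in the docstring or revoke only after the new pair exists. The `account_claims.pop("nbt", None)` line probably means the registered claim `nbf`, which would otherwise be copied from the old token into the new ones; confirm against the claim names the registry writes. The tail of `jwt_refresh_tokens` lies outside the last hunk.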
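--- a/pypomes_jwt/jwt_registry.py
+++ b/pypomes_jwt/jwt_registry.py
@@ -33,9 +33,7 @@ class JwtRegistry:
 "access-max-age": <int>, # in seconds - defaults to JWT_ACCESS_MAX_AGE
 "refresh-max-age": <int>, # in seconds - defaults to JWT_REFRESH_MAX_AGE
 "grace-interval": <int> # time to wait for token to be valid, in seconds
-#
-"token-audience": <string> # the audience the token is intended for
-"token_nonce": <string> # value used to associate a client session with a token
+"request-timeout": <int> # timeout for the requests to the reference URL (in seconds)
 "claims": {
 "valid-from": <string> # token's start (<YYYY-MM-DDThh:mm:ss+00:00>)
 "valid-until": <string> # token's finish (<YYYY-MM-DDThh:mm:ss+00:00>)
@@ -45,7 +43,7 @@ class JwtRegistry:
 "gender": <string>, # subject's gender
 "name": <string>, # subject's name
 "roles": <List[str]>, # subject roles
-"nonce": <string>, #
+"nonce": <string>, # used to associate a Client session with a token
 ...
 }
 },
@@ -78,7 +76,7 @@ class JwtRegistry:
 "gender": <string> # subject's gender
 "name": <string> # subject's name
 "roles": <List[str]> # subject roles
-"nonce": <string> #
+"nonce": <string> # used to associate a client session with a token
 
 The token header has these items:
 "alg": <string> # the algorithm used to sign the token (one of *HS256*, *HS51*', *RSA256*, *RSA512*)
@@ -101,11 +99,9 @@ class JwtRegistry:
 claims: dict[str, Any],
 access_max_age: int,
 refresh_max_age: int,
-grace_interval: int,
-
-
-request_timeout: int,
-remote_provider: bool,
+grace_interval: int | None,
+request_timeout: int | None,
+remote_provider: bool | None,
 logger: Logger = None) -> None:
 """
 Add to storage the parameters needed to produce and validate JWT tokens for *account_id*.
@@ -121,9 +117,7 @@ class JwtRegistry:
 :param access_max_age: access token duration, in seconds
 :param refresh_max_age: refresh token duration, in seconds
 :param grace_interval: time to wait for token to be valid, in seconds
-:param
-:param token_nonce: optional value used to associate a client session with a token
-:param request_timeout: timeout for the requests to the reference URL
+:param request_timeout: timeout for the requests to the reference URL (in seconds)
 :param remote_provider: whether the JWT provider is a remote server
 :param logger: optional logger
 """
@@ -135,8 +129,6 @@ class JwtRegistry:
 "access-max-age": access_max_age,
 "refresh-max-age": refresh_max_age,
 "grace-interval": grace_interval,
-"token-audience": token_audience,
-"token-nonce": token_nonce,
 "request-timeout": request_timeout,
 "remote-provider": remote_provider,
 "claims": claims or {}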
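Review bot: The account record no longer stores `token-audience` or `token-nonce`, and the class docstring now describes `nonce` only as a claim, but nothing in this section tells callers how to bind a token to an audience after the change. If `aud` is meant to be passed through `claims`, add a line such as `"aud": <string> # audience the token is intended for` to the claims listing; if audience binding is no longer supported, the docstring should say so. In the header description, `*HS51*'` looks like a typo for `*HS512*`, and `*RSA256*`/`*RSA512*` should be checked against the names the code accepts, since the JWS identifiers are `RS256` and `RS512`. All six hunks sit inside `JwtRegistry`, whose body starts and ends outside them.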
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: pypomes_jwt
|
|
3
|
-
Version: 0.9.
|
|
3
|
+
Version: 0.9.4
|
|
4
4
|
Summary: A collection of Python pomes, penyeach (JWT module)
|
|
5
5
|
Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-JWT
|
|
6
6
|
Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-JWT/issues
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
pypomes_jwt/__init__.py,sha256=t6TzpvttDuLMaKSGuBicOf9cZU4Y0N9mtby3ThS4lt8,1398
|
|
2
|
+
pypomes_jwt/jwt_constants.py,sha256=IQV39AiZKGuU8XxZBgJ-KJZQZ_mmnxyOnRZeuxlqDRk,4045
|
|
3
|
+
pypomes_jwt/jwt_pomes.py,sha256=0bnKkq-wBHqBoQYmHGxWamOHmehLqHSNUs08NUJHT6Q,21413
|
|
4
|
+
pypomes_jwt/jwt_registry.py,sha256=GbfDwMDUMjX8qJahMnOQ0FQUnxyiEuODrn6E-wIkDnk,25593
|
|
5
|
+
pypomes_jwt-0.9.4.dist-info/METADATA,sha256=bCKCOvGx0C7n89t3eO9U7h9g0rb0YoEyZB550E-L874,632
|
|
6
|
+
pypomes_jwt-0.9.4.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
|
|
7
|
+
pypomes_jwt-0.9.4.dist-info/licenses/LICENSE,sha256=NdakochSXm_H_-DSL_x2JlRCkYikj3snYYvTwgR5d_c,1086
|
|
8
|
+
pypomes_jwt-0.9.4.dist-info/RECORD,,
|
|
@@ -1,8 +0,0 @@
|
|
|
1
|
-
pypomes_jwt/__init__.py,sha256=6AISZOs7JP695PnMSsYyKfoiMXvSzXffkv3nKw7qA1A,1356
|
|
2
|
-
pypomes_jwt/jwt_constants.py,sha256=IQV39AiZKGuU8XxZBgJ-KJZQZ_mmnxyOnRZeuxlqDRk,4045
|
|
3
|
-
pypomes_jwt/jwt_pomes.py,sha256=69mYNZsmj3BlHac92mUWV57rMtLxLUPCG5EjXGqPZgw,20025
|
|
4
|
-
pypomes_jwt/jwt_registry.py,sha256=TANRyMGxoO7sR2EwO_bgVzIMjM3OHAr7olvnSmMtwCQ,26020
|
|
5
|
-
pypomes_jwt-0.9.2.dist-info/METADATA,sha256=52uhFO9yDkXPDQhXW7G5BPsMB1YqQgza5MBcRN17xaE,632
|
|
6
|
-
pypomes_jwt-0.9.2.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
|
|
7
|
-
pypomes_jwt-0.9.2.dist-info/licenses/LICENSE,sha256=NdakochSXm_H_-DSL_x2JlRCkYikj3snYYvTwgR5d_c,1086
|
|
8
|
-
pypomes_jwt-0.9.2.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|