pypomes-jwt 0.9.2__tar.gz → 0.9.4__tar.gz

{pypomes_jwt-0.9.2 → pypomes_jwt-0.9.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_jwt
-Version: 0.9.2
+Version: 0.9.4
 Summary: A collection of Python pomes, penyeach (JWT module)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-JWT
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-JWT/issues

{pypomes_jwt-0.9.2 → pypomes_jwt-0.9.4}/pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "pypomes_jwt"
-version = "0.9.2"
+version = "0.9.4"
 authors = [
   { name="GT Nunes", email="wisecoder01@gmail.com" }
 ]

{pypomes_jwt-0.9.2 → pypomes_jwt-0.9.4}/src/pypomes_jwt/__init__.py

@@ -9,8 +9,8 @@ from .jwt_constants import (
 from .jwt_pomes import (
     jwt_needed, jwt_verify_request,
     jwt_assert_account, jwt_set_account, jwt_remove_account,
-    jwt_issue_token, jwt_issue_tokens, jwt_get_claims,
-    jwt_validate_token, jwt_revoke_token
+    jwt_issue_token, jwt_issue_tokens, jwt_refresh_tokens,
+    jwt_get_claims, jwt_validate_token, jwt_revoke_token
 )
 
 __all__ = [
@@ -24,8 +24,8 @@ __all__ = [
     # jwt_pomes
     "jwt_needed", "jwt_verify_request",
     "jwt_assert_account", "jwt_set_account", "jwt_remove_account",
-    "jwt_issue_token", "jwt_issue_tokens", "jwt_get_claims",
-    "jwt_validate_token", "jwt_revoke_token"
+    "jwt_issue_token", "jwt_issue_tokens", "jwt_refresh_tokens",
+    "jwt_get_claims", "jwt_validate_token", "jwt_revoke_token"
 ]
 
 from importlib.metadata import version

{pypomes_jwt-0.9.2 → pypomes_jwt-0.9.4}/src/pypomes_jwt/jwt_pomes.py

@@ -94,10 +94,8 @@ def jwt_set_account(account_id: str,
                     access_max_age: int = JWT_ACCESS_MAX_AGE,
                     refresh_max_age: int = JWT_REFRESH_MAX_AGE,
                     grace_interval: int = None,
-                    token_audience: str = None,
-                    token_nonce: str = None,
                     request_timeout: int = None,
-                    remote_provider: bool = True,
+                    remote_provider: bool = None,
                     logger: Logger = None) -> None:
     """
     Set the data needed to obtain JWT tokens for *account_id*.
@@ -108,8 +106,6 @@ def jwt_set_account(account_id: str,
     :param access_max_age: access token duration, in seconds
     :param refresh_max_age: refresh token duration, in seconds
     :param grace_interval: optional time to wait for token to be valid, in seconds
-    :param token_audience: optional audience the token is intended for
-    :param token_nonce: optional value used to associate a client session with a token
     :param request_timeout: timeout for the requests to the reference URL
     :param remote_provider: whether the JWT provider is a remote server
     :param logger: optional logger
@@ -132,8 +128,6 @@ def jwt_set_account(account_id: str,
                                access_max_age=access_max_age,
                                refresh_max_age=refresh_max_age,
                                grace_interval=grace_interval,
-                               token_audience=token_audience,
-                               token_nonce=token_nonce,
                                request_timeout=request_timeout,
                                remote_provider=remote_provider,
                                logger=logger)
@@ -263,7 +257,7 @@ def jwt_revoke_token(errors: list[str] | None,
 
     :param errors: incidental error messages
     :param account_id: the account identification
-    :param refresh_token: the token to be revolked
+    :param refresh_token: the token to be revoked
     :param logger: optional logger
     :return: *True* if operation could be performed, *False* otherwise
     """
@@ -327,7 +321,7 @@ def jwt_issue_token(errors: list[str] | None,
     result: str | None = None
 
     if logger:
-        logger.debug(msg=f"Issue a JWT token for '{account_id}'")
+        logger.debug(msg=f"Issuing a JWT token for '{account_id}'")
     op_errors: list[str] = []
 
     try:
@@ -355,7 +349,6 @@ def jwt_issue_token(errors: list[str] | None,
 def jwt_issue_tokens(errors: list[str] | None,
                      account_id: str,
                      account_claims: dict[str, Any] = None,
-                     refresh_token: str = None,
                      logger: Logger = None) -> dict[str, Any]:
     """
     Issue the JWT tokens associated with *account_id*, for access and refresh operations.
@@ -376,7 +369,6 @@ def jwt_issue_tokens(errors: list[str] | None,
     :param errors: incidental error messages
     :param account_id: the account identification
     :param account_claims: if provided, may supercede registered claims
-    :param refresh_token: if provided, defines a token refresh operation
     :param logger: optional logger
     :return: the JWT token data, or *None* if error
     """
@@ -384,34 +376,83 @@ def jwt_issue_tokens(errors: list[str] | None,
     result: dict[str, Any] | None = None
 
     if logger:
-        logger.debug(msg=f"Return JWT token data for '{account_id}'")
+        logger.debug(msg=f"Issuing a pair of JWT tokens for '{account_id}'")
+    op_errors: list[str] = []
+
+    try:
+        result = __jwt_registry.issue_tokens(account_id=account_id,
+                                             account_claims=account_claims,
+                                             logger=logger)
+        if logger:
+            logger.debug(msg=f"Token data is '{result}'")
+    except Exception as e:
+        # token issuing failed
+        op_errors.append(str(e))
+
+    if op_errors:
+        if logger:
+            logger.error("; ".join(op_errors))
+        if isinstance(errors, list):
+            errors.extend(op_errors)
+
+    return result
+
+
+def jwt_refresh_tokens(errors: list[str] | None,
+                       account_id: str,
+                       refresh_token: str = None,
+                       logger: Logger = None) -> dict[str, Any]:
+    """
+    Issue the JWT tokens associated with *account_id*, for access and refresh operations.
+
+    The claims in *refresh-token* are used on issuing the new tokens.
+
+    Structure of the return data:
+    {
+      "access_token": <jwt-token>,
+      "created_in": <timestamp>,
+      "expires_in": <seconds-to-expiration>,
+      "refresh_token": <jwt-token>
+    }
+
+    :param errors: incidental error messages
+    :param account_id: the account identification
+    :param refresh_token: the base refresh token
+    :param logger: optional logger
+    :return: the JWT token data, or *None* if error
+    """
+    # inicialize the return variable
+    result: dict[str, Any] | None = None
+
+    if logger:
+        logger.debug(msg=f"Refreshing a pair of JWT tokens for '{account_id}'")
     op_errors: list[str] = []
 
     # verify whether this refresh token is legitimate
     if refresh_token:
-        account_claims = (jwt_validate_token(errors=op_errors,
-                                             token=refresh_token,
-                                             natures=["R"],
-                                             account_id=account_id,
-                                             logger=logger) or {}).get("payload")
-        if account_claims:
+        account_claims: dict[str, Any] = (jwt_validate_token(errors=op_errors,
+                                                             token=refresh_token,
+                                                             natures=["R"],
+                                                             account_id=account_id,
+                                                             logger=logger) or {}).get("payload")
+        # revoke current refresh token
+        if account_claims and jwt_revoke_token(errors=errors,
+                                               account_id=account_id,
+                                               refresh_token=refresh_token,
+                                               logger=logger):
             account_claims.pop("exp", None)
             account_claims.pop("iat", None)
             account_claims.pop("iss", None)
             account_claims.pop("jti", None)
             account_claims.pop("nbt", None)
             account_claims.pop("sub", None)
-
-    if not op_errors:
-        try:
-            result = __jwt_registry.issue_tokens(account_id=account_id,
-                                                 account_claims=account_claims,
-                                                 logger=logger)
-            if logger:
-                logger.debug(msg=f"Token data is '{result}'")
-        except Exception as e:
-            # token issuing failed
-            op_errors.append(str(e))
+            # issue tokens
+            result = jwt_issue_tokens(errors=errors,
+                                      account_id=account_id,
+                                      account_claims=account_claims,
+                                      logger=logger)
+    else:
+        op_errors.append("Refresh token was not provided")
 
     if op_errors:
         if logger:

{pypomes_jwt-0.9.2 → pypomes_jwt-0.9.4}/src/pypomes_jwt/jwt_registry.py

@@ -33,9 +33,7 @@ class JwtRegistry:
            "access-max-age": <int>,      # in seconds - defaults to JWT_ACCESS_MAX_AGE
            "refresh-max-age": <int>,     # in seconds - defaults to JWT_REFRESH_MAX_AGE
            "grace-interval": <int>       # time to wait for token to be valid, in seconds
-           # optional
-           "token-audience": <string>    # the audience the token is intended for
-           "token_nonce": <string>       # value used to associate a client session with a token
+           "request-timeout": <int>      # timeout for the requests to the reference URL (in seconds)
            "claims": {
              "valid-from": <string>      # token's start (<YYYY-MM-DDThh:mm:ss+00:00>)
              "valid-until": <string>     # token's finish (<YYYY-MM-DDThh:mm:ss+00:00>)
@@ -45,7 +43,7 @@ class JwtRegistry:
              "gender": <string>,         # subject's gender
              "name": <string>,           # subject's name
              "roles": <List[str]>,       # subject roles
-             "nonce": <string>,          # value used to associate a Client session with a token
+             "nonce": <string>,          # used to associate a Client session with a token
              ...
            }
          },
@@ -78,7 +76,7 @@ class JwtRegistry:
        "gender": <string>       # subject's gender
        "name": <string>         # subject's name
        "roles": <List[str]>     # subject roles
-       "nonce": <string>        # value used to associate a client session with a token
+       "nonce": <string>        # used to associate a client session with a token
 
     The token header has these items:
       "alg": <string>           # the algorithm used to sign the token (one of *HS256*, *HS51*', *RSA256*, *RSA512*)
@@ -101,11 +99,9 @@ class JwtRegistry:
                     claims: dict[str, Any],
                     access_max_age: int,
                     refresh_max_age: int,
-                    grace_interval: int,
-                    token_audience: str,
-                    token_nonce: str,
-                    request_timeout: int,
-                    remote_provider: bool,
+                    grace_interval: int | None,
+                    request_timeout: int | None,
+                    remote_provider: bool | None,
                     logger: Logger = None) -> None:
         """
         Add to storage the parameters needed to produce and validate JWT tokens for *account_id*.
@@ -121,9 +117,7 @@ class JwtRegistry:
         :param access_max_age: access token duration, in seconds
         :param refresh_max_age: refresh token duration, in seconds
         :param grace_interval: time to wait for token to be valid, in seconds
-        :param token_audience: the audience the token is intended for
-        :param token_nonce: optional value used to associate a client session with a token
-        :param request_timeout: timeout for the requests to the reference URL
+        :param request_timeout: timeout for the requests to the reference URL (in seconds)
         :param remote_provider: whether the JWT provider is a remote server
         :param logger: optional logger
         """
@@ -135,8 +129,6 @@ class JwtRegistry:
                     "access-max-age": access_max_age,
                     "refresh-max-age": refresh_max_age,
                     "grace-interval": grace_interval,
-                    "token-audience": token_audience,
-                    "token-nonce": token_nonce,
                     "request-timeout": request_timeout,
                     "remote-provider": remote_provider,
                     "claims": claims or {}