pypomes-jwt 1.1.4__py3-none-any.whl → 1.1.6__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of pypomes-jwt might be problematic. Click here for more details.
- pypomes_jwt/__init__.py +1 -1
- pypomes_jwt/jwt_pomes.py +9 -9
- pypomes_jwt/jwt_registry.py +14 -31
- {pypomes_jwt-1.1.4.dist-info → pypomes_jwt-1.1.6.dist-info}/METADATA +2 -2
- pypomes_jwt-1.1.6.dist-info/RECORD +8 -0
- pypomes_jwt-1.1.4.dist-info/RECORD +0 -8
- /pypomes_jwt/{jwt_configuration.py → jwt_config.py} +0 -0
- {pypomes_jwt-1.1.4.dist-info → pypomes_jwt-1.1.6.dist-info}/WHEEL +0 -0
- {pypomes_jwt-1.1.4.dist-info → pypomes_jwt-1.1.6.dist-info}/licenses/LICENSE +0 -0
pypomes_jwt/__init__.py
CHANGED
pypomes_jwt/jwt_pomes.py
CHANGED
|
@@ -10,7 +10,7 @@ from pypomes_db import (
|
|
|
10
10
|
)
|
|
11
11
|
from typing import Any
|
|
12
12
|
|
|
13
|
-
from .
|
|
13
|
+
from .jwt_config import JwtConfig, JwtDbConfig
|
|
14
14
|
from .jwt_registry import JwtRegistry
|
|
15
15
|
|
|
16
16
|
# the JWT registry
|
|
@@ -78,7 +78,7 @@ def jwt_set_account(account_id: str,
|
|
|
78
78
|
claims: dict[str, Any],
|
|
79
79
|
access_max_age: int = JwtConfig.ACCESS_MAX_AGE.value,
|
|
80
80
|
refresh_max_age: int = JwtConfig.REFRESH_MAX_AGE.value,
|
|
81
|
-
|
|
81
|
+
lead_interval: int = None,
|
|
82
82
|
logger: Logger = None) -> None:
|
|
83
83
|
"""
|
|
84
84
|
Establish the data needed to obtain JWT tokens for *account_id*.
|
|
@@ -92,7 +92,7 @@ def jwt_set_account(account_id: str,
|
|
|
92
92
|
:param claims: the JWT claimset, as key-value pairs
|
|
93
93
|
:param access_max_age: access token duration, in seconds
|
|
94
94
|
:param refresh_max_age: refresh token duration, in seconds
|
|
95
|
-
:param
|
|
95
|
+
:param lead_interval: optional time to wait for token to be valid, in seconds
|
|
96
96
|
:param logger: optional logger
|
|
97
97
|
"""
|
|
98
98
|
if logger:
|
|
@@ -103,7 +103,7 @@ def jwt_set_account(account_id: str,
|
|
|
103
103
|
claims=claims,
|
|
104
104
|
access_max_age=access_max_age,
|
|
105
105
|
refresh_max_age=max(refresh_max_age, access_max_age + 300),
|
|
106
|
-
|
|
106
|
+
lead_interval=lead_interval,
|
|
107
107
|
logger=logger)
|
|
108
108
|
|
|
109
109
|
|
|
@@ -302,7 +302,7 @@ def jwt_issue_token(errors: list[str] | None,
|
|
|
302
302
|
account_id: str,
|
|
303
303
|
nature: str,
|
|
304
304
|
duration: int,
|
|
305
|
-
|
|
305
|
+
lead_interval: int = None,
|
|
306
306
|
claims: dict[str, Any] = None,
|
|
307
307
|
logger: Logger = None) -> str:
|
|
308
308
|
"""
|
|
@@ -318,7 +318,7 @@ def jwt_issue_token(errors: list[str] | None,
|
|
|
318
318
|
:param nature: the token's nature, must be a single letter in the range *[B-Z]*, less *R*
|
|
319
319
|
:param duration: the number of seconds for the token to remain valid (at least 60 seconds)
|
|
320
320
|
:param claims: optional token's claims
|
|
321
|
-
:param
|
|
321
|
+
:param lead_interval: optional interval for the token to become active (in seconds)
|
|
322
322
|
:param logger: optional logger
|
|
323
323
|
:return: the JWT token data, or *None* if error
|
|
324
324
|
"""
|
|
@@ -334,7 +334,7 @@ def jwt_issue_token(errors: list[str] | None,
|
|
|
334
334
|
nature=nature,
|
|
335
335
|
duration=duration,
|
|
336
336
|
claims=claims,
|
|
337
|
-
|
|
337
|
+
lead_interval=lead_interval,
|
|
338
338
|
logger=logger)
|
|
339
339
|
if logger:
|
|
340
340
|
logger.debug(msg=f"Token is '{result}'")
|
|
@@ -511,8 +511,8 @@ def jwt_get_claims(errors: list[str] | None,
|
|
|
511
511
|
"""
|
|
512
512
|
Retrieve and return the claims set of a JWT *token*.
|
|
513
513
|
|
|
514
|
-
Any well-constructed JWT token may be provided in *token*, as this operation is not restricted
|
|
515
|
-
locally issued tokens. Note that neither the token's signature nor its expiration is verified.
|
|
514
|
+
Any well-constructed JWT token may be provided in *token*, as this operation is not restricted
|
|
515
|
+
to locally issued tokens. Note that neither the token's signature nor its expiration is verified.
|
|
516
516
|
|
|
517
517
|
Structure of the returned data, for locally issued tokens:
|
|
518
518
|
{
|
pypomes_jwt/jwt_registry.py
CHANGED
|
@@ -12,7 +12,7 @@ from pypomes_db import (
|
|
|
12
12
|
from threading import Lock
|
|
13
13
|
from typing import Any
|
|
14
14
|
|
|
15
|
-
from .
|
|
15
|
+
from .jwt_config import JwtConfig, JwtDbConfig
|
|
16
16
|
|
|
17
17
|
|
|
18
18
|
class JwtRegistry:
|
|
@@ -26,7 +26,7 @@ class JwtRegistry:
|
|
|
26
26
|
<account-id>: {
|
|
27
27
|
"access-max-age": <int>, # defaults to JWT_ACCESS_MAX_AGE (in seconds)
|
|
28
28
|
"refresh-max-age": <int>, # defaults to JWT_REFRESH_MAX_AGE (in seconds)
|
|
29
|
-
"
|
|
29
|
+
"lead-interval": <int>, # time to wait for token to be valid, in seconds
|
|
30
30
|
"claims": {
|
|
31
31
|
"iss": <string>, # token'ss issuer
|
|
32
32
|
"birthdate": <string>, # subject's birth date
|
|
@@ -35,9 +35,6 @@ class JwtRegistry:
|
|
|
35
35
|
"name": <string>, # subject's name
|
|
36
36
|
"roles": <List[str]>, # subject roles
|
|
37
37
|
"nonce": <string>, # used to associate a Client session with a token
|
|
38
|
-
# output, only
|
|
39
|
-
"valid-from": <string>, # token's start (<YYYY-MM-DDThh:mm:ss+00:00>)
|
|
40
|
-
"valid-until": <string>, # token's finish (<YYYY-MM-DDThh:mm:ss+00:00>)
|
|
41
38
|
...
|
|
42
39
|
}
|
|
43
40
|
},
|
|
@@ -63,8 +60,6 @@ class JwtRegistry:
|
|
|
63
60
|
|
|
64
61
|
Account-related claims are optional claims, and convey information about the registered account they belong to.
|
|
65
62
|
Alhough they can be freely specified, these are some of the most commonly used claims:
|
|
66
|
-
"valid-from": <string> token's start (<YYYY-MM-DDThh:mm:ss+00:00>)
|
|
67
|
-
"valid-until": <string> token's finish (<YYYY-MM-DDThh:mm:ss+00.00>)
|
|
68
63
|
"birthdate": <string> subject's birth date
|
|
69
64
|
"email": <string> subject's email
|
|
70
65
|
"gender": <string> subject's gender
|
|
@@ -92,7 +87,7 @@ class JwtRegistry:
|
|
|
92
87
|
claims: dict[str, Any],
|
|
93
88
|
access_max_age: int,
|
|
94
89
|
refresh_max_age: int,
|
|
95
|
-
|
|
90
|
+
lead_interval: int | None,
|
|
96
91
|
logger: Logger = None) -> None:
|
|
97
92
|
"""
|
|
98
93
|
Add to storage the parameters needed to produce and validate JWT tokens for *account_id*.
|
|
@@ -105,7 +100,7 @@ class JwtRegistry:
|
|
|
105
100
|
:param claims: the JWT claimset, as key-value pairs
|
|
106
101
|
:param access_max_age: access token duration, in seconds (at least 60 seconds)
|
|
107
102
|
:param refresh_max_age: refresh token duration, in seconds (greater than *access_max_age*)
|
|
108
|
-
:param
|
|
103
|
+
:param lead_interval: time to wait for token to be valid, in seconds
|
|
109
104
|
:param logger: optional logger
|
|
110
105
|
"""
|
|
111
106
|
# build and store the access data for the account
|
|
@@ -114,7 +109,7 @@ class JwtRegistry:
|
|
|
114
109
|
self.access_registry[account_id] = {
|
|
115
110
|
"access-max-age": access_max_age,
|
|
116
111
|
"refresh-max-age": refresh_max_age,
|
|
117
|
-
"
|
|
112
|
+
"lead-interval": lead_interval,
|
|
118
113
|
"claims": claims or {}
|
|
119
114
|
}
|
|
120
115
|
if logger:
|
|
@@ -155,7 +150,7 @@ class JwtRegistry:
|
|
|
155
150
|
account_id: str,
|
|
156
151
|
nature: str,
|
|
157
152
|
duration: int,
|
|
158
|
-
|
|
153
|
+
lead_interval: int = None,
|
|
159
154
|
claims: dict[str, Any] = None,
|
|
160
155
|
logger: Logger = None) -> str:
|
|
161
156
|
"""
|
|
@@ -170,7 +165,7 @@ class JwtRegistry:
|
|
|
170
165
|
:param nature: the token's nature, must be a single letter in the range *[B-Z]*, less *R*
|
|
171
166
|
:param duration: the number of seconds for the token to remain valid (at least 60 seconds)
|
|
172
167
|
:param claims: optional token's claims
|
|
173
|
-
:param
|
|
168
|
+
:param lead_interval: optional interval for the token to become active (in seconds)
|
|
174
169
|
:param logger: optional logger
|
|
175
170
|
:return: the JWT token
|
|
176
171
|
:raises RuntimeError: invalid parameter
|
|
@@ -203,16 +198,10 @@ class JwtRegistry:
|
|
|
203
198
|
current_claims["sub"] = account_id
|
|
204
199
|
just_now: int = int(datetime.now(tz=timezone.utc).timestamp())
|
|
205
200
|
current_claims["iat"] = just_now
|
|
206
|
-
if
|
|
207
|
-
current_claims["nbf"] = just_now +
|
|
208
|
-
current_claims["valid-from"] = datetime.fromtimestamp(timestamp=current_claims["nbf"],
|
|
209
|
-
tz=timezone.utc).isoformat()
|
|
210
|
-
else:
|
|
211
|
-
current_claims["valid-from"] = datetime.fromtimestamp(timestamp=current_claims["iat"],
|
|
212
|
-
tz=timezone.utc).isoformat()
|
|
201
|
+
if lead_interval:
|
|
202
|
+
current_claims["nbf"] = just_now + lead_interval
|
|
213
203
|
current_claims["exp"] = just_now + duration
|
|
214
|
-
|
|
215
|
-
tz=timezone.utc).isoformat()
|
|
204
|
+
|
|
216
205
|
# may raise an exception
|
|
217
206
|
return jwt.encode(payload=current_claims,
|
|
218
207
|
key=JwtConfig.ENCODING_KEY.value,
|
|
@@ -262,18 +251,12 @@ class JwtRegistry:
|
|
|
262
251
|
|
|
263
252
|
just_now: int = int(datetime.now(tz=timezone.utc).timestamp())
|
|
264
253
|
current_claims["iat"] = just_now
|
|
265
|
-
|
|
266
|
-
if
|
|
267
|
-
current_claims["nbf"] = just_now +
|
|
268
|
-
|
|
269
|
-
tz=timezone.utc).isoformat()
|
|
270
|
-
else:
|
|
271
|
-
current_claims["valid-from"] = datetime.fromtimestamp(timestamp=current_claims["iat"],
|
|
272
|
-
tz=timezone.utc).isoformat()
|
|
254
|
+
lead_interval = account_data.get("lead-interval")
|
|
255
|
+
if lead_interval:
|
|
256
|
+
current_claims["nbf"] = just_now + lead_interval
|
|
257
|
+
|
|
273
258
|
# issue a candidate refresh token first, and persist it
|
|
274
259
|
current_claims["exp"] = just_now + account_data.get("refresh-max-age")
|
|
275
|
-
current_claims["valid-until"] = datetime.fromtimestamp(timestamp=current_claims["exp"],
|
|
276
|
-
tz=timezone.utc).isoformat()
|
|
277
260
|
# may raise an exception
|
|
278
261
|
refresh_token: str = jwt.encode(payload=current_claims,
|
|
279
262
|
key=JwtConfig.ENCODING_KEY.value,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: pypomes_jwt
|
|
3
|
-
Version: 1.1.
|
|
3
|
+
Version: 1.1.6
|
|
4
4
|
Summary: A collection of Python pomes, penyeach (JWT module)
|
|
5
5
|
Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-JWT
|
|
6
6
|
Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-JWT/issues
|
|
@@ -12,5 +12,5 @@ Classifier: Programming Language :: Python :: 3
|
|
|
12
12
|
Requires-Python: >=3.12
|
|
13
13
|
Requires-Dist: cryptography>=44.0.2
|
|
14
14
|
Requires-Dist: pyjwt>=2.10.1
|
|
15
|
-
Requires-Dist: pypomes-core>=2.0.
|
|
15
|
+
Requires-Dist: pypomes-core>=2.0.4
|
|
16
16
|
Requires-Dist: pypomes-db>=2.1.1
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
pypomes_jwt/__init__.py,sha256=NZzjWKnhjxNuoE32V6soKo9sG5ypmt25V0mBAh3rAIs,793
|
|
2
|
+
pypomes_jwt/jwt_config.py,sha256=mtihd58_O00FuFXcNBKsabftG6UHu3Cj24i6cZXoskc,3096
|
|
3
|
+
pypomes_jwt/jwt_pomes.py,sha256=5d7xd0mCRbBZ65k0pMNeiF_UaZu5sfAojZDEs_wOT8Y,23509
|
|
4
|
+
pypomes_jwt/jwt_registry.py,sha256=Zfhv5bn53UcSPuPSHns4AVMv7izrzd75HPp5eId2dck,21993
|
|
5
|
+
pypomes_jwt-1.1.6.dist-info/METADATA,sha256=eTbk1Zi0snGQA9NAmmOW_pS0LwTWC5QFPNAYbu2LGNg,632
|
|
6
|
+
pypomes_jwt-1.1.6.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
|
|
7
|
+
pypomes_jwt-1.1.6.dist-info/licenses/LICENSE,sha256=NdakochSXm_H_-DSL_x2JlRCkYikj3snYYvTwgR5d_c,1086
|
|
8
|
+
pypomes_jwt-1.1.6.dist-info/RECORD,,
|
|
@@ -1,8 +0,0 @@
|
|
|
1
|
-
pypomes_jwt/__init__.py,sha256=g4tjg7gt5_vwiHM_6-T6Ji4XYJ5py9RuzGmF2Z-qlXI,800
|
|
2
|
-
pypomes_jwt/jwt_configuration.py,sha256=mtihd58_O00FuFXcNBKsabftG6UHu3Cj24i6cZXoskc,3096
|
|
3
|
-
pypomes_jwt/jwt_pomes.py,sha256=oix-QLxno663wioj5W13zJahzzlQqTmtolkLqPFtKfI,23524
|
|
4
|
-
pypomes_jwt/jwt_registry.py,sha256=8M4Ixhf3FQedqWS6icpJVe-7Z9KMd9qc9BjECDTZ_tU,23597
|
|
5
|
-
pypomes_jwt-1.1.4.dist-info/METADATA,sha256=h4iHBGBfwx-3FFHkHFEOKvg58aFxfiXcTp6FGhfpRNI,632
|
|
6
|
-
pypomes_jwt-1.1.4.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
|
|
7
|
-
pypomes_jwt-1.1.4.dist-info/licenses/LICENSE,sha256=NdakochSXm_H_-DSL_x2JlRCkYikj3snYYvTwgR5d_c,1086
|
|
8
|
-
pypomes_jwt-1.1.4.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|