Flask JWT Router is a Python library that adds authorised routes to a Flask app.

Overview

PyPI version Build Status codecov Codacy Badge Documentation Status PyPI - Python Version GitHub license

Flask JWT Router

Read the docs: Flask-JWT-Router

Flask JWT Router

Flask JWT Router is a Python library that adds authorised routes to a Flask app. Both basic & Google's OAuth2.0 authentication is supported.

Google-Cloud Google's OAuth2.0 supported

Google OAuth 2.0 Quick Start

Read the detailed instructions here: Flask-JWT-Router

oauth_options = {
    "client_id": "<CLIENT_ID>",
    "client_secret": "<CLIENT_SECRET>",
    "redirect_uri": "http://localhost:3000",
    "tablename": "users",
    "email_field": "email",
    "expires_in": 3600,
}

jwt_routes.init_app(app, google_oauth=oauth_options)

Now your front end needs a token. Create an endpoint & return a new access token from the clients header code. For Example::

from flask import request

@app.routes("/login", methods=["POST"])
def login():
    jwt_routes.google.oauth_login(request) # Pass in Flask's request

Now, the next time your front-end requests authorised resources flask-jwt-router will authenticate with this access token until it expires.

Installation

Stable version

pip install flask-jwt-router

Basic Usage

from flask import Flask
from flask_jwt_router import JwtRoutes

app = Flask(__name__)
# You are required to always set a unique SECRET_KEY for your app
app.config["SECRET_KEY"] = "your_app_secret_key"

JwtRoutes(app)

# If you're using the Flask factory pattern:
jwt_routes = JwtRoutes()  # Example with *entity_model - see below

def create_app(config):
   ...
   jwt_routes.init_app(app)

Whitelist Routes

app.config["WHITE_LIST_ROUTES"] = [
    ("POST", "/register"),
]

@app.route("/register", methods=["POST"])
def register():
    return "I don't need authorizing!"

Prefix your api name to whitelisted routes

    # All routes will
app.config["JWT_ROUTER_API_NAME"] = "/api/v1"
app.config["WHITE_LIST_ROUTES"] = [
    ("POST", "/register"),
]

@app.route("/api/v1/register", methods=["POST"])
def register():
    return "I don't need authorizing!"
   

Bypass Flask-JWT-Router on specified routes

    # Define homepage template routes for example on JWT_IGNORE_ROUTES 
    # & still get to use the api name on request handlers returning resources
    app.config["IGNORED_ROUTES"] = [
        ("GET", "/")
    ]

Declare an entity model

# Create your entity model (example uses Flask-SqlAlchemy)
class UserModel(db.Model):
    __tablename__ = "users"
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String)
    
# You can define the primary key name with `ENTITY_KEY` on Flask's config
app.config["ENTITY_KEY"] = "user_id"

# (`id` is used by default)
JwtRoutes(app, entity_models=[UserModel, TeacherModel, ...etc])

# Or pass later with `init_app`
def create_app(config):
    ...
    jwt_routes.init_app(app, entity_models=[UserModel, TeacherModel, ...etc])

Authorization

from your_app import jwt_routes

# white list the routes
app.config["WHITE_LIST_ROUTES"] = [
    ("POST", "/register"),
    ("POST", "/login"),
]

@app.route("/login", methods=["POST"])
def register():
    """I'm registering a new user & returning a token!"""
    return jsonify({
        "token": jwt_routes.create_token(entity_id=1, table_name='users')
    })

@app.route("/your_resource", methods=["POST"])
def login():
    """I'm authorized & updating my token!"""
    return jsonify({
        "token": jwt_routes.update_token(entity_id=1)
    })

*Warning: The table_name must be the same as your tablename or __tablename__ attribute's value. (With SqlAlchemy, you can define a __tablename__ attribute directly or else the name is derived from your entity’s database table name).

Setting the Token Expire Duration

There are two ways to set the expire duration of the JWT.

from your app config

        # Set the token expire duration to 7 days
        app.config["JWT_EXPIRE_DAYS"] = 7

calling the set_exp

        # Set the token expire duration to 14 days
        jwt_routes = JwtRoutes()
        # jwt_routes.init_app( ...etc
        jwt_routes.set_exp(expire_days=14)

By default the expire duration is set to 30 days

Create & update Tokens on Routes

Create a new entity & return a new token

@app.route("/register", methods=["POST"])
    def register():
        user_data = request.get_json()
        try:
            user = UserModel(**user_data)
            user.create_user() # your entity creation logic

            # Here we pass the id as a kwarg to `create_token`
            token: str = jwt_routes.create_token(entity_id=user.id, table_name="users")

            # Now we can return a new token!
            return {
                "message": "User successfully created.",
                "token": str(token),  # casting is optional
            }, 200

Access entity on Flask's global context

    from app import app, jwt_routes

    # Example uses Marshmallow to serialize entity object
    class EntitySchema(Schema):
        id = fields.Integer()
        name = fields.String()

    @app.route("/login", methods=["GET"])
    def login():
        user_data = g.get("users") # This is your SqlAlchemy `__tablename__` or the default name.
        try:
            user_dumped = UserSchema().dump(user_data)
        except ValidationError as _:
           return {
                       "error": "User requested does not exist."
                   }, 401
        return {
            "data": user_dumped,
            "token": jwt_routes.update_token(entity_id=user_data.id),
        }, 200
        

If you are handling a request with a token in the headers you can call::

    jwt_routes.update_token(entity_id=user_data.id)

If you are handling a request without a token in the headers you can call::

    jwt_routes.create_token(entity_id=user_data.id, table_name="users")

An Example configuration for registering & logging in users of different types:

    app.config["IGNORED_ROUTES"] = [("GET", "/")]
    app.config["JWT_ROUTER_API_NAME"] = "/api/v1"
    app.config["WHITE_LIST_ROUTES"] = [
        ("POST", "/auth/user"), ("POST", "/auth/user/login"),
        ("POST", "/auth/teacher"), ("POST", "/auth/teacher/login"),
    ]
    
    # Optionally, you can pass your models to Flask's config:
    app.config["ENTITY_MODELS"] = [ UserModel, TeacherModel, ...etc ]

JSON Web Token setup

To send the JSON web token from your front end, you will need to pass a Bearer string in your authorization header. For example:

    fetch(url, {
        headers: {
            Authorization: "Bearer <my_token>",
        }
    })

Routing without headers

If you require calling a resource without passing headers, then you can use the auth query param (useful when streaming video files):

    url = "http://example.com/cars?auth=my_token"

Google OAuth 2.0 with ReactJS

Flask-JWT-Router supports auth Google's OAuth 2.0 Single Sign On strategy if you are using React only. (We will provide Google's OAuth 2.0 Single Sign On strategy for server to server as soon as possible!).

Quick Start

Create a login route for Google's OAuth 2.0

   @app.route("/api/v1/google_login", methods=["POST"])
    def google_login():
        data = jwt_routes.google.oauth_login(request)
        return data, 200

We have created a ReactJS library specifically for Flask-JWT-Router - react-google-oauth2.0 In your React app directory install react-google-oauth2.0:

npm install react-google-oauth2 --save 

Testing

Testing OAuth2.0 in a Flask app is non-trivial, especially if you rely on Flask-JWT-Router to append your user onto Flask's global context (or g). Therefore we have provided a utility method that returns a headers Dict that you can then use in your test view handler request. This example is using the Pytest library:

    @pytest.fixture()
    def client():
        # See https://flask.palletsprojects.com/en/1.1.x/testing/ for details


    def test_blogs(client):
        user_headers = jwt_routes.google.create_test_headers(email="[email protected]")
        rv = client.get("/blogs", headers=user_headers)

If you are not running a db in your tests, then you can use the entity kwarg. For example:

# user is an instantiated SqlAlchemy object
user_headers = jwt_routes.google.create_test_headers(email="[email protected]", entity=user)
# user_headers: { "X-Auth-Token": "Bearer <GOOGLE_OAUTH2_TEST>" }

If you require more than one request to a Flask view handler in a single unit test, then set the scope kwarg to application. (Default is function) For example:

_ = jwt_routes.google.create_test_headers(email="[email protected]", scope="application")

Authors

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

Make sure you have Python versions: 3.6, 3.7, 3.8 Then run:

    tox

To check the docs look good locally you can run:

    make html

License

MIT

Comments
  • Changed the the `entity_type` kwarg to `table_name` #111 and `register_entity` now throws exception if user hasn't passed `table_name` #91

    Changed the the `entity_type` kwarg to `table_name` #111 and `register_entity` now throws exception if user hasn't passed `table_name` #91

    #111

    1. Changed the the entity_type kwarg to table_name
    2. Added Deprecation warning for the entity_type kwargs

    #91

    1. Added test function to test whether register_entity throws an exception on not passing the table_name key
    2. Added code to throw KeyError exception in register_entity function of FlaskJWTRouter class if user doesn't pass a table_name
    opened by kousikmitra 19
  • remove 's' from entity on g context

    remove 's' from entity on g context

    when the entity data is assigned to Flask global context it can derive from a plural table entity name (especially if the user uses the tablename attribute). So removing the 's' makes it clearer when returning the global context entity value

    user = g.user 3 . # not g.users 
    
    enhancement help wanted good first issue 
    opened by joegasewicz 15
  • Change the the entity_type kwarg to table_name

    Change the the entity_type kwarg to table_name

    Our API has 2 public methods, one of which is register_entity. This currently requires a kwarg of entity_type to donate the table name, which is confusing to the user.

    Change register_entity method's kwarg of entity_type to table_name. This may result in updating other parts of the codebase, docs, README, blog and tests.

    enhancement help wanted good first issue discussion 
    opened by joegasewicz 10
  • Fixed Returning 401 on any unauthorised routes #47

    Fixed Returning 401 on any unauthorised routes #47

    Implemented a method called _is_route_exist in _routing.py which checks whether a particular route exist in the current app to handle the requested URL. If a router exists it returns True else returns False Depending on the result the further processing is done as before.

    opened by kousikmitra 8
  • Handle possibly URL breaking characters

    Handle possibly URL breaking characters

    If the used variables for building the URL contain any URL characters such as &, /, =, they would create a possibly broken URL. Safer to assume they do and use the builtin urlencode. Also cleans up building the URL.

    opened by fre-sch 4
  • Throw exception if user hasn't passed a valid entity_type

    Throw exception if user hasn't passed a valid entity_type

    https://github.com/joegasewicz/Flask-JWT-Router/blob/8a273366aaceeb4e21938f2cdb69257a74d584d4/flask_jwt_router/_authentication.py#L92

    Check if entity_type kwarg exists, if not throw with a meaningful message to the user.

    enhancement help wanted good first issue 
    opened by joegasewicz 4
  • Outdated docstring - nice easy fix for a beginner developer!

    Outdated docstring - nice easy fix for a beginner developer!

    Therefore we have provided a utility method that returns a headers Dict that you can then use in your test view handler request. Should be: Therefore we have provided a utility method that you can then use in your test view handler request.

    here: https://github.com/joegasewicz/flask-jwt-router/blob/e6e5bad9d5a3ecaff51279a05fa8a24e8cc44de8/flask_jwt_router/oauth2/google.py#L95

    here (should return -> str):

    https://github.com/joegasewicz/flask-jwt-router/blob/e6e5bad9d5a3ecaff51279a05fa8a24e8cc44de8/flask_jwt_router/oauth2/google.py#L248

    here (Should just return Bearer [email protected]): https://github.com/joegasewicz/flask-jwt-router/blob/e6e5bad9d5a3ecaff51279a05fa8a24e8cc44de8/flask_jwt_router/oauth2/google.py#L266

    documentation help wanted good first issue 
    opened by joegasewicz 3
  • Query params for token, change arg to `bearer`

    Query params for token, change arg to `bearer`

    Change the Query string params for sending a token with the url from the current auth to bearer: https://github.com/joegasewicz/Flask-JWT-Router/blob/d0f82b8aca4894d57c1a49fd132fa65ba904c844/flask_jwt_router/_routing.py#L166

    And update the README.md as this is quite a useful feature for users of this library, especially for streaming video:

    <video>
        <source  url='http://localhost:5000/api/v1/video/hello.mp4?bearer=dfv.dfd.fewf.... />
         ...
    
    help wanted good first issue 
    opened by joegasewicz 2
  • Add Models to JWTRoutes class & init_app method #119

    Add Models to JWTRoutes class & init_app method #119

    Adds to the public api the model declarations. We will continue to provide the option to declare models on Flask's config.

    @kousikmitra @neilong31 would be grateful for a review, thank you

    opened by joegasewicz 2
  • Bump pyjwt from 1.7.1 to 2.4.0 in /docs

    Bump pyjwt from 1.7.1 to 2.4.0 in /docs

    Bumps pyjwt from 1.7.1 to 2.4.0.

    Release notes

    Sourced from pyjwt's releases.

    2.4.0

    Security

    What's Changed

    New Contributors

    Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0

    2.3.0

    What's Changed

    ... (truncated)

    Changelog

    Sourced from pyjwt's changelog.

    v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>__

    Security

    
    - [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
    

    Changed

    
    - Explicit check the key for ECAlgorithm by @estin in https://github.com/jpadilla/pyjwt/pull/713
    - Raise DeprecationWarning for jwt.decode(verify=...) by @akx in https://github.com/jpadilla/pyjwt/pull/742
    

    Fixed

    
    - Don't use implicit optionals by @rekyungmin in https://github.com/jpadilla/pyjwt/pull/705
    - documentation fix: show correct scope for decode_complete() by @sseering in https://github.com/jpadilla/pyjwt/pull/661
    - fix: Update copyright information by @kkirsche in https://github.com/jpadilla/pyjwt/pull/729
    - Don't mutate options dictionary in .decode_complete() by @akx in https://github.com/jpadilla/pyjwt/pull/743
    
    Added
    
    • Add support for Python 3.10 by @hugovk in https://github.com/jpadilla/pyjwt/pull/699
    • api_jwk: Add PyJWKSet.getitem by @woodruffw in https://github.com/jpadilla/pyjwt/pull/725
    • Update usage.rst by @guneybilen in https://github.com/jpadilla/pyjwt/pull/727
    • Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in https://github.com/jpadilla/pyjwt/pull/734
    • Fixed typo in usage.rst by @israelabraham in https://github.com/jpadilla/pyjwt/pull/738
    • Add detached payload support for JWS encoding and decoding by @fviard in https://github.com/jpadilla/pyjwt/pull/723
    • Replace various string interpolations with f-strings by @akx in https://github.com/jpadilla/pyjwt/pull/744
    • Update CHANGELOG.rst by @hipertracker in https://github.com/jpadilla/pyjwt/pull/751

    v2.3.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0&amp;gt;__

    Fixed

    
    - Revert &amp;quot;Remove arbitrary kwargs.&amp;quot; `[#701](https://github.com/jpadilla/pyjwt/issues/701) &amp;lt;https://github.com/jpadilla/pyjwt/pull/701&amp;gt;`__
    
    Added
    
    • Add exception chaining [#702](https://github.com/jpadilla/pyjwt/issues/702) &amp;lt;https://github.com/jpadilla/pyjwt/pull/702&amp;gt;__

    v2.2.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0&amp;gt;__

    &lt;/tr&gt;&lt;/table&gt; </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary>

    <ul> <li><a href="https://github.com/jpadilla/pyjwt/commit/83ff831a4d11190e3a0bed781da43f8d84352653"><code>83ff831</code></a> chore: update changelog</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/4c1ce8fd9019dd312ff257b5141cdb6d897379d9"><code>4c1ce8f</code></a> chore: update changelog</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/96f3f0275745c5a455c019a0d3476a054980e8ea"><code>96f3f02</code></a> fix: failing advisory test</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc"><code>9c52867</code></a> Merge pull request from GHSA-ffqj-6fqr-9h24</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/24b29adfebcb4f057a3cef5aaf35653bc0c1c8cc"><code>24b29ad</code></a> Update CHANGELOG.rst (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/751">#751</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/31f5acb8fb3ec6cdfe2b1b0a4a8f329b5f3ca67f"><code>31f5acb</code></a> Replace various string interpolations with f-strings (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/744">#744</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/5581a31c21de70444c1162bcfa29f7e0fc86edda"><code>5581a31</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/748">#748</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/3d4d82248f1120c87f1f4e0e8793eaa1d54843a6"><code>3d4d822</code></a> Don't mutate options dictionary in .decode_complete() (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/743">#743</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/1f1fe15bb41846c602b3e106176b2c692b93a613"><code>1f1fe15</code></a> Add a deprecation warning when jwt.decode() is called with the legacy verify=...</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/35fa28e59d99b99c6a780d2a029a74d6bbba8b1e"><code>35fa28e</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/740">#740</a>)</li> <li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/1.7.1...2.4.0">compare view</a></li> </ul> </details>

    <br />

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump bleach from 3.1.2 to 3.1.4

    Bump bleach from 3.1.2 to 3.1.4

    Bumps bleach from 3.1.2 to 3.1.4.

    Changelog

    Sourced from bleach's changelog.

    Version 3.1.4 (March 24th, 2020)

    Security fixes

    • bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS).

      Calls to bleach.clean with an allowed tag with an allowed style attribute were vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

      This issue was confirmed in Bleach versions v3.1.3, v3.1.2, v3.1.1, v3.1.0, v3.0.0, v2.1.4, and v2.1.3. Earlier versions used a similar regular expression and should be considered vulnerable too.

      Anyone using Bleach <=v3.1.3 is encouraged to upgrade.

      https://bugzilla.mozilla.org/show_bug.cgi?id=1623633

    Backwards incompatible changes

    • Style attributes with dashes, or single or double quoted values are cleaned instead of passed through.

    Features

    None

    Bug fixes

    None

    Version 3.1.3 (March 17th, 2020)

    Security fixes

    None

    Backwards incompatible changes

    None

    Features

    • Add relative link to code of conduct. (#442)

    • Drop deprecated 'setup.py test' support. (#507)

    ... (truncated)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump certifi from 2020.11.8 to 2022.12.7

    Bump certifi from 2020.11.8 to 2022.12.7

    Bumps certifi from 2020.11.8 to 2022.12.7.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump certifi from 2020.11.8 to 2022.12.7 in /docs

    Bump certifi from 2020.11.8 to 2022.12.7 in /docs

    Bumps certifi from 2020.11.8 to 2022.12.7.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump pyjwt from 2.0.0 to 2.4.0

    Bump pyjwt from 2.0.0 to 2.4.0

    Bumps pyjwt from 2.0.0 to 2.4.0.

    Release notes

    Sourced from pyjwt's releases.

    2.4.0

    Security

    What's Changed

    New Contributors

    Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0

    2.3.0

    What's Changed

    ... (truncated)

    Changelog

    Sourced from pyjwt's changelog.

    v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>__

    Security

    
    - [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
    

    Changed

    
    - Explicit check the key for ECAlgorithm by @estin in https://github.com/jpadilla/pyjwt/pull/713
    - Raise DeprecationWarning for jwt.decode(verify=...) by @akx in https://github.com/jpadilla/pyjwt/pull/742
    

    Fixed

    
    - Don't use implicit optionals by @rekyungmin in https://github.com/jpadilla/pyjwt/pull/705
    - documentation fix: show correct scope for decode_complete() by @sseering in https://github.com/jpadilla/pyjwt/pull/661
    - fix: Update copyright information by @kkirsche in https://github.com/jpadilla/pyjwt/pull/729
    - Don't mutate options dictionary in .decode_complete() by @akx in https://github.com/jpadilla/pyjwt/pull/743
    
    Added
    
    • Add support for Python 3.10 by @hugovk in https://github.com/jpadilla/pyjwt/pull/699
    • api_jwk: Add PyJWKSet.getitem by @woodruffw in https://github.com/jpadilla/pyjwt/pull/725
    • Update usage.rst by @guneybilen in https://github.com/jpadilla/pyjwt/pull/727
    • Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in https://github.com/jpadilla/pyjwt/pull/734
    • Fixed typo in usage.rst by @israelabraham in https://github.com/jpadilla/pyjwt/pull/738
    • Add detached payload support for JWS encoding and decoding by @fviard in https://github.com/jpadilla/pyjwt/pull/723
    • Replace various string interpolations with f-strings by @akx in https://github.com/jpadilla/pyjwt/pull/744
    • Update CHANGELOG.rst by @hipertracker in https://github.com/jpadilla/pyjwt/pull/751

    v2.3.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0&amp;gt;__

    Fixed

    
    - Revert &amp;quot;Remove arbitrary kwargs.&amp;quot; `[#701](https://github.com/jpadilla/pyjwt/issues/701) &amp;lt;https://github.com/jpadilla/pyjwt/pull/701&amp;gt;`__
    
    Added
    
    • Add exception chaining [#702](https://github.com/jpadilla/pyjwt/issues/702) &amp;lt;https://github.com/jpadilla/pyjwt/pull/702&amp;gt;__

    v2.2.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0&amp;gt;__

    &lt;/tr&gt;&lt;/table&gt; </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary>

    <ul> <li><a href="https://github.com/jpadilla/pyjwt/commit/83ff831a4d11190e3a0bed781da43f8d84352653"><code>83ff831</code></a> chore: update changelog</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/4c1ce8fd9019dd312ff257b5141cdb6d897379d9"><code>4c1ce8f</code></a> chore: update changelog</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/96f3f0275745c5a455c019a0d3476a054980e8ea"><code>96f3f02</code></a> fix: failing advisory test</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc"><code>9c52867</code></a> Merge pull request from GHSA-ffqj-6fqr-9h24</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/24b29adfebcb4f057a3cef5aaf35653bc0c1c8cc"><code>24b29ad</code></a> Update CHANGELOG.rst (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/751">#751</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/31f5acb8fb3ec6cdfe2b1b0a4a8f329b5f3ca67f"><code>31f5acb</code></a> Replace various string interpolations with f-strings (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/744">#744</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/5581a31c21de70444c1162bcfa29f7e0fc86edda"><code>5581a31</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/748">#748</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/3d4d82248f1120c87f1f4e0e8793eaa1d54843a6"><code>3d4d822</code></a> Don't mutate options dictionary in .decode_complete() (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/743">#743</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/1f1fe15bb41846c602b3e106176b2c692b93a613"><code>1f1fe15</code></a> Add a deprecation warning when jwt.decode() is called with the legacy verify=...</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/35fa28e59d99b99c6a780d2a029a74d6bbba8b1e"><code>35fa28e</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/740">#740</a>)</li> <li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/2.0.0...2.4.0">compare view</a></li> </ul> </details>

    <br />

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Router test mixin should not duplicate any code from the Router class

    Router test mixin should not duplicate any code from the Router class

    Currently there is some code duplication within the handle_token methods.

    Employ a hook system to pull in the logic as required, could use a generator function etc...

    enhancement 
    opened by joegasewicz 0
Releases(0.2.1)
Owner
Joe Gasewicz
Hi! I'm a Python, Typescript, Go & C Developer. I'm also a Jazz bassist. I'm based in London, UK & available for contracts in mid April 2021
Joe Gasewicz
Simple yet powerful authorization / authentication client library for Python web applications.

Authomatic Authomatic is a framework agnostic library for Python web applications with a minimalistic but powerful interface which simplifies authenti

1k Dec 28, 2022
Djagno grpc authentication service with jwt auth

Django gRPC authentication service STEP 1: Install packages pip install -r requirements.txt STEP 2: Make migrations and migrate python manage.py makem

Saeed Hassani Borzadaran 3 May 16, 2022
examify-io is an online examination system that offers automatic grading , exam statistics , proctoring and programming tests , multiple user roles

examify-io is an online examination system that offers automatic grading , exam statistics , proctoring and programming tests , multiple user roles ( Examiner , Supervisor , Student )

Ameer Nasser 4 Oct 28, 2021
Simple two factor authemtication system, made by me.

Simple two factor authemtication system, made by me. Honestly, i don't even know How 2FAs work I just used my knowledge and did whatever i could. Send

Refined 5 Jan 04, 2022
Simplifying third-party authentication for web applications.

Velruse is a set of authentication routines that provide a unified way to have a website user authenticate to a variety of different identity provider

Ben Bangert 253 Nov 14, 2022
A JSON Web Token authentication plugin for the Django REST Framework.

Simple JWT Abstract Simple JWT is a JSON Web Token authentication plugin for the Django REST Framework. For full documentation, visit django-rest-fram

Jazzband 3.2k Dec 28, 2022
python-social-auth and oauth2 support for django-rest-framework

Django REST Framework Social OAuth2 This module provides OAuth2 social authentication support for applications in Django REST Framework. The aim of th

1k Dec 22, 2022
This program automatically logs you into a Zoom session at your alloted time

This program automatically logs you into a Zoom session at your alloted time. Optionally you can choose to have end the session at your allotted time.

9 Sep 19, 2022
AddressBookApp - Address Book App in Django

AddressBookApp Application Name Address Book App in Django, 2022 Technologies La

Joshua K 1 Aug 18, 2022
A Python inplementation for OAuth2

OAuth2-Python Discord Inplementation for OAuth2 login systems. This is a simple Python 'app' made to inplement in your programs that require (shitty)

Prifixy 0 Jan 06, 2022
Minimal authorization through OO design and pure Ruby classes

Pundit Pundit provides a set of helpers which guide you in leveraging regular Ruby classes and object oriented design patterns to build a simple, robu

Varvet 7.8k Jan 02, 2023
This app makes it extremely easy to build Django powered SPA's (Single Page App) or Mobile apps exposing all registration and authentication related functionality as CBV's (Class Base View) and REST (JSON)

Welcome to django-rest-auth Repository is unmaintained at the moment (on pause). More info can be found on this issue page: https://github.com/Tivix/d

Tivix 2.4k Jan 03, 2023
python-social-auth and oauth2 support for django-rest-framework

Django REST Framework Social OAuth2 This module provides OAuth2 social authentication support for applications in Django REST Framework. The aim of th

1k Dec 22, 2022
row level security for FastAPI framework

Row Level Permissions for FastAPI While trying out the excellent FastApi framework there was one peace missing for me: an easy, declarative way to def

Holger Frey 315 Dec 25, 2022
Python's simple login system concept - Advanced level

Simple login system with Python - For beginners Creating a simple login system using python for beginners this repository aims to provide a simple ove

Low_Scarlet 1 Dec 13, 2021
This python package provides a simple password reset strategy for django rest framework

Django Rest Password Reset This python package provides a simple password reset strategy for django rest framework, where users can request password r

Anexia 363 Dec 24, 2022
A fully tested, abstract interface to creating OAuth clients and servers.

Note: This library implements OAuth 1.0 and not OAuth 2.0. Overview python-oauth2 is a python oauth library fully compatible with python versions: 2.6

Joe Stump 3k Jan 02, 2023
Imia is an authentication library for Starlette and FastAPI (python 3.8+).

Imia Imia (belarussian for "a name") is an authentication library for Starlette and FastAPI (python 3.8+). Production status The library is considered

Alex Oleshkevich 91 Nov 24, 2022
Spotify User Token Generator Template

Spotify User Token Generator Template Quick Start $ pip3 install -r requirements

Arda Soyer 1 Feb 01, 2022
Web authentication testing framework

What is this This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticate

OWASP 88 Jan 01, 2023