{ "info": { "author": "R. Kevin Nelson", "author_email": "kevin@rkn.la", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Environment :: Web Environment", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Programming Language :: Python :: 2.7", "Topic :: Internet :: WWW/HTTP :: Dynamic Content", "Topic :: Software Development :: Libraries :: Python Modules" ], "description": "JWT OAuth Access Token\n======================\n\nA library for generating and verifying signed JWT OAuth 2.0 access tokens.\n\n## Installation\n\n`pip install pyjoat`\n\n\n## Usage\n\nThe JOAT library is intended to be used for issuing tokens from the OAuth 2.0\n`/token` endpoint, as well as from resource servers to authenticate requests.\n\nHere is an example of token generation:\n\n```python\nimport joat\n\ndef generate_hmac_salt(jwt_claims):\n return \"the most secret hmac salt ever\"\n\njoat.salt_generator = generate_hmac_salt\n\nTokenGenerator = joat.TokenGenerator(\"My OAuth2 Provider\")\n\naccess_token = TokenGenerator.issue_token(client_id=\"abcd\",\n user_id=\"1234\",\n scope=[\"profile\", \"read\"])\n\nprint access_token\n# [line breaks added for readability only]\n# eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhYmNkIiwiaXNzIjoiTXk \\\n# gT0F1dGgyIFByb3ZpZGVyIiwiZXhwIjoxNDA3Mjk0NTcyLCJpYXQiOjE0MDcyOTA5NzI \\\n# sInNjcCI6WyJwcm9maWxlIiwicmVhZCJdLCJzdWIiOiIxMjM0In0.wgNhGiKQ0ppO0Xu \\\n# QhalGZmSommQROjBusCanRa_6Ydc\n```\n\nAnd one of parsing a token:\n\n```python\nimport joat\n\ndef generate_hmac_salt(jwt_claims):\n return \"the most secret hmac salt ever\"\n\njoat.salt_generator = generate_hmac_salt\n\ncredentials = joat.parse_token('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhYmNkIiwiaXNzIjoiTXkgT0F1dGgyIFByb3ZpZGVyIiwiZXhwIjoxNDA3Mjk0NTcyLCJpYXQiOjE0MDcyOTA5NzIsInNjcCI6WyJwcm9maWxlIiwicmVhZCJdLCJzdWIiOiIxMjM0In0.wgNhGiKQ0ppO0XuQhalGZmSommQROjBusCanRa_6Ydc')\n\nprint credentials\n# [again, line break added for readability]\n# {u'user_id': u'1234', u'authorized_scope': [u'profile', u'read'],\n# u'client_id': u'abcd', u'provider': u'My OAuth2 Provider'}\n```\n\n\n## Salt Generation\n\nBecause the payload of the JWT is easily readable by anyone with access to the\ntoken, a secure HMAC salt (or secret, depending on your preferred terminology)\nis of the utmost importance for token security, and to avoid allowing tokens\nissued by a malicious third party.\n\nTo this end, PyJOAT expects you to implement salt generation on your own. The\nJWT claims are passed into the salt generation method so that you may use the\npayload data to lookup or generate the salt for the client-user-scope\ncombination.\n\nYou may also pass a `jti` to the token generation method to augment the salt\ngeneration or otherwise keep track of the tokens you generate.\n\n```python\naccess_token = TokenGenerator.issue_token(client_id=\"abcd\",\n user_id=\"1234\",\n scope=[\"profile\", \"read\"],\n jti=\"your_token_id\")\n```", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/rknLA/joat", "keywords": "joat jwt json web access token oauth", "license": "MIT", "maintainer": null, "maintainer_email": null, "name": "PyJOAT", "package_url": "https://pypi.org/project/PyJOAT/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/PyJOAT/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/rknLA/joat" }, "release_url": "https://pypi.org/project/PyJOAT/1.1.1/", "requires_dist": null, "requires_python": null, "summary": "JWT OAuth 2.0 Access Token management", "version": "1.1.1" }, "last_serial": 1326996, "releases": { "1.0.1": [ { "comment_text": "", "digests": { "md5": "4501cedea65ed968fc2200ded80415fd", "sha256": "b6b380e527510bdf7b1a6e3f0c5e2b9080db39953767f066aa6305359eca9354" }, "downloads": -1, "filename": "PyJOAT-1.0.1.tar.gz", "has_sig": false, "md5_digest": "4501cedea65ed968fc2200ded80415fd", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3840, "upload_time": "2014-08-07T20:01:38", "url": "https://files.pythonhosted.org/packages/1f/90/ec805d195f0389e52c9f280f5d850b0140a98f816cfeaf9f161d9eedaa31/PyJOAT-1.0.1.tar.gz" } ], "1.1.0": [ { "comment_text": "", "digests": { "md5": "c58c6a7573cd668a6aedb2a24bd95b5a", "sha256": "a98f2ea82af0d14a932d49083aef8d55861edd9f2e2c0336c910da62c60fac60" }, "downloads": -1, "filename": "PyJOAT-1.1.0.tar.gz", "has_sig": false, "md5_digest": "c58c6a7573cd668a6aedb2a24bd95b5a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3835, "upload_time": "2014-09-23T11:33:31", "url": "https://files.pythonhosted.org/packages/49/57/5c5c2b137dbd748027cbc87d6c8d03bd97d6dcfaeb915ec59ffe2f8c7c2e/PyJOAT-1.1.0.tar.gz" } ], "1.1.1": [ { "comment_text": "", "digests": { "md5": "e7ee92e2ac31a30d19f8b5ef304a06a6", "sha256": "8a931f7ac9da72265ac6b12c1092fb5c06322c4cf57f94dfac4fb5c91d4a6331" }, "downloads": -1, "filename": "PyJOAT-1.1.1.tar.gz", "has_sig": false, "md5_digest": "e7ee92e2ac31a30d19f8b5ef304a06a6", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3860, "upload_time": "2014-12-01T18:38:13", "url": "https://files.pythonhosted.org/packages/e2/4b/14806e62f68d31b8679283a5b2527c4e516774324cd13f5080e1729b42e8/PyJOAT-1.1.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "e7ee92e2ac31a30d19f8b5ef304a06a6", "sha256": "8a931f7ac9da72265ac6b12c1092fb5c06322c4cf57f94dfac4fb5c91d4a6331" }, "downloads": -1, "filename": "PyJOAT-1.1.1.tar.gz", "has_sig": false, "md5_digest": "e7ee92e2ac31a30d19f8b5ef304a06a6", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3860, "upload_time": "2014-12-01T18:38:13", "url": "https://files.pythonhosted.org/packages/e2/4b/14806e62f68d31b8679283a5b2527c4e516774324cd13f5080e1729b42e8/PyJOAT-1.1.1.tar.gz" } ] }