{ "info": { "author": "Moises Hiraldo", "author_email": "moiseshiraldo@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Environment :: Web Environment", "Framework :: Django :: 2.0", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Operating System :: OS Independent", "Programming Language :: Python :: 3.6", "Topic :: Internet :: WWW/HTTP" ], "description": "\n# PASETO authentication for Django REST framework\n\n[![PyPI version](https://badge.fury.io/py/django-rest-paseto-auth.svg)](https://badge.fury.io/py/django-rest-paseto-auth)\n[![Build Status](https://travis-ci.org/moiseshiraldo/django-rest-paseto-auth.svg?branch=master)](https://travis-ci.org/moiseshiraldo/django-rest-paseto-auth)\n[![Test coverage status](https://codecov.io/gh/moiseshiraldo/django-rest-paseto-auth/branch/master/graph/badge.svg)](https://codecov.io/gh/moiseshiraldo/django-rest-paseto-auth)\n\nStill in development, NOT READY for production.\n\nBefore using this, see https://github.com/paragonie/paseto for more information about PASETO and https://github.com/rlittlefield/pypaseto about the Python implementation.\n\n## Motivations and objectives\n\nI needed a token authentication system for a new project and none of the [available third party authentication pacakges](http://www.django-rest-framework.org/api-guide/authentication/#third-party-packages) covered my requirements completely. After some work developing my own system, I thought it would be interesting to share it and accept suggestions and contributions.\n\nMy goal is to build a token authentication system that meets the following requirements:\n\n- Secure and simple authentication using [Paseto (Platform-Agnostic SEcurity TOkens)](https://github.com/paragonie/paseto).\n- Front-end agnostic (browser apps, mobile apps, etc).\n- Suitable for user authentication and app integrations.\n- Facilitates both reactive (blacklist tokens) and proactive (check IP, user-agent header, etc) security measures.\n- Customisable token payloads, authentication conditions (transparent support for 2FA) and actions (i.e. check user login attempts).\n\n## Installation and configuration\n\nInstall using pip:\n\n`pip install django-rest-paseto-auth`\n\nGenerate a 32-bytes hexadecimal secret key:\n\n```python\nimport screts\nsecrets.token_hex(32)\n'55acd7321e85e62d0fe5ee6ea127ba4bd8ac90f6ea87f1bf2d3d5e816399d7d2'\n```\n\nAdd it to your Django configuration and keep it as secured as the project's [SECRET_KEY](https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SECRET_KEY):\n\n```python\nPASETO_KEY = '55acd7321e85e62d0fe5ee6ea127ba4bd8ac90f6ea87f1bf2d3d5e816399d7d2'\n```\n\nAdd `paseto_auth` to your installed applications:\n\n```python\nINSTALLED_APPS = (\n ...\n 'paseto_auth',\n)\n```\n\nAnd apply migrations:\n\n`python manage.py migrate paseto_auth`\n\nInclude paseto auth URLs:\n\n```python\nfrom django.urls import include, path\n\n\nurlpatterns = [\n path('api/auth/', include('paseto_auth.urls', namespace='paseto_auth')),\n]\n```\n\nFinally, add the authentication scheme to the `REST_FRAMEWORK` configuration or the views you want to protect:\n\n```python\nREST_FRAMEWORK = {\n 'DEFAULT_AUTHENTICATION_CLASSES': (\n 'paseto_auth.authentication.PasetoAuthentication',\n )\n}\n```\n\nOptional configuration with default values:\n\n```python\nPASETO_AUTH = {\n 'HEADER_PREFIX': 'Paseto', # Prefix for the authentication header, e.g. Bearer\n 'ACCESS_LIFETIME': 5*60, # Max: 10*60 seconds\n 'REFRESH_SHORT_LIFETIME': 12*3600, # Max: 24*3600 seconds\n 'REFRESH_LONG_LIFETIME': 30*24*3600, # Max: 60*24*3600 seconds\n 'REFRESH_PERMANENT_LIFETIME': 2*365*24*3600 # seconds\n}\n\n```\n\n## Usage\n\nTo get a token pair from user credentials:\n\n```shell\n$ curl \\\n -X POST \\\n -H \"Content-Type: application/json\" \\\n -d '{\"username\": \"testuser\", \"password\": \"qwerty\", \"remember\": true}' \\\n http://localhost:8000/api/auth/token/\n\n----\n\n{\n 'access_token': 'v2.local.wSpANWW6wNkQoVhqCWRkUp-wPfoc6fFsml7kmNlmuccDdLpqpVKmOZy6C1cYttzIt0OM-DL2uOWQKcahje0u1uSceG5mzXBZVMjDZnbXZMamF5X5JDTCZrAruVSGZ5EtliHJTFkHkgvp8c3Xmut9_8fWI09Qn6U0gaWPgM8hM_eRi7FXNHvE7ZeGOrE37SImnVZm-jCGBgMYjWzOowzQ6ZH6JvaC07eWyh6zsGQGM-l65sBlbJtTHA',\n 'refresh_token': 'v2.local.ZYSSnCB9Qc7FlABtXKq2Pl6uZ_Snd9P_iCBnxx18d1cYezN85fB40C_1YSr27lSVNdpeGX6usp8rEEnb3EHF5_B0sNfbG8HAoxqET0RDsVj9XSj5x8w-3jgHLzaHW-Zc6r9C_cY-wLRmMNL7obEq4ETwoYZTaLKcbxRH67GRCpQP1Rjil9ex9EGL6HKg26oJuxFG_hhlCzPYOMzgDDqUoQsl4AkdGq7fZzvZkBugXvVgY64s0TS2H10'\n}\n\n```\n\nThe `remember` parameter will determine the refresh token short/long lifetime (see configuration section).\n\nTo get a new access token:\n\n```shell\n$ curl \\\n -X POST \\\n -H \"Content-Type: application/json\" \\\n -d '{\"refresh_token\": \"v2.local.ZYSSnCB9Qc7FlABtXKq2Pl6uZ_Snd9P_iCBnxx18d1cYezN85fB40C_1YSr27lSVNdpeGX6usp8rEEnb3EHF5_B0sNfbG8HAoxqET0RDsVj9XSj5x8w-3jgHLzaHW-Zc6r9C_cY-wLRmMNL7obEq4ETwoYZTaLKcbxRH67GRCpQP1Rjil9ex9EGL6HKg26oJuxFG_hhlCzPYOMzgDDqUoQsl4AkdGq7fZzvZkBugXvVgY64s0TS2H10\"}' \\\n http://localhost:8000/api/auth/token/refresh/\n\n----\n\n{\n 'access_token': 'v2.local.wSpANWW6wNkQoVhqCWRkUp-wPfoc6fFsml7kmNlmuccDdLpqpVKmOZy6C1cYttzIt0OM-DL2uOWQKcahje0u1uSceG5mzXBZVMjDZnbXZMamF5X5JDTCZrAruVSGZ5EtliHJTFkHkgvp8c3Xmut9_8fWI09Qn6U0gaWPgM8hM_eRi7FXNHvE7ZeGOrE37SImnVZm-jCGBgMYjWzOowzQ6ZH6JvaC07eWyh6zsGQGM-l65sBlbJtTHA',\n}\n\n```\n\n## App tokens\n\nYou can create user-independent refresh tokens for app integrations, with a pesudo-permanent lifetime (`PAESETO_AUTH['REFRESH_PERMANENT_LIFETIME']` setting) and custom Django groups/permissions. For example, to implement something like GitHub personal API tokens, you could do:\n\n```python\nfrom paseto_auth.tokens import create_app_token\n\nobj, refresh_token = create_app_token(\n name=\"Custom application\",\n owner=user,\n groups=groups,\n perms=permissions,\n)\n```\n\nWhere owner is a generic foreign key to any object. A reversed relation could look like:\n\n```python\nfrom django.db import models\nfrom django.contrib.contenttypes.fields import GenericRelation\n\nclass MyUserModel(models.Model):\n ...\n api_tokens = GenericRelation('paseto_auth.AppRefreshToken')\n``` \n\nThe `create_app_token` function returns the token object stored in the database and the refresh token string, that can be used to obtain access tokens an authenticate like a normal user. The authentication class will return an instance of `AppIntegrationUser` that implements all the methods from the Django `PermissionsMixin`.\n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/moiseshiraldo/django-rest-paseto-auth", "keywords": "", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "django-rest-paseto-auth", "package_url": "https://pypi.org/project/django-rest-paseto-auth/", "platform": "", "project_url": "https://pypi.org/project/django-rest-paseto-auth/", "project_urls": { "Homepage": "https://github.com/moiseshiraldo/django-rest-paseto-auth" }, "release_url": "https://pypi.org/project/django-rest-paseto-auth/0.1.1/", "requires_dist": [ "Django (>=2)", "djangorestframework (>=3.8)", "paseto (>=0.0.5)" ], "requires_python": ">=3.6", "summary": "Paseto authentication for Django Rest Framework", "version": "0.1.1" }, "last_serial": 3862159, "releases": { "0.1.0.dev0": [ { "comment_text": "", "digests": { "md5": "e24095598ce26ce69e45e9b7c7539786", "sha256": "f765cf6920b49872bede74563e984052454371f4413e2b56df6b74a4b2170867" }, "downloads": -1, "filename": "django_rest_paseto_auth-0.1.0.dev0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "e24095598ce26ce69e45e9b7c7539786", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": ">=3.6", "size": 9931, "upload_time": "2018-04-20T21:51:28", "url": "https://files.pythonhosted.org/packages/84/0f/400c5f5552132ab1f75f1b5b62ac2f1d77fdf63f5231e03534d93672bd53/django_rest_paseto_auth-0.1.0.dev0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "1ba3b5aa81103c5edf140655f6e0a013", "sha256": "fa2517638d3e7f338b3d6a5a99bede6773cca4ef727d05649dc89efb66cf95b2" }, "downloads": -1, "filename": "django-rest-paseto-auth-0.1.0.dev0.tar.gz", "has_sig": false, "md5_digest": "1ba3b5aa81103c5edf140655f6e0a013", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 7370, "upload_time": "2018-04-20T21:51:29", "url": "https://files.pythonhosted.org/packages/bc/e0/d050b0a9412f7c19ec2e4a0af3b3d6183f1268f9274662639f332f6f9ca2/django-rest-paseto-auth-0.1.0.dev0.tar.gz" } ], "0.1.0.dev1": [ { "comment_text": "", "digests": { "md5": "3e119ac1f1373168823aaf5d4a0b01d4", "sha256": "4ef1225a3a69d3b4646fffba83760e02a03d2411595a37fd8e95ae83eb2b3e50" }, "downloads": -1, "filename": "django_rest_paseto_auth-0.1.0.dev1-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "3e119ac1f1373168823aaf5d4a0b01d4", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": ">=3.6", "size": 10873, "upload_time": "2018-04-21T18:36:28", "url": "https://files.pythonhosted.org/packages/88/f7/38d7744022fd02cd86288e22b5ae88f10fc6d1764a8dadd3ecf59909eec1/django_rest_paseto_auth-0.1.0.dev1-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "de4f1a07158c79e9b6b47071f4e5a655", "sha256": "0c5dd6113a6e1a9fc769d32e62bdbc21c504297bf07d1ce04a979cca2cf22744" }, "downloads": -1, "filename": "django-rest-paseto-auth-0.1.0.dev1.tar.gz", "has_sig": false, "md5_digest": "de4f1a07158c79e9b6b47071f4e5a655", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 8855, "upload_time": "2018-04-21T18:36:29", "url": "https://files.pythonhosted.org/packages/2e/20/2537fea049f1be2f11309c5ceeb473f19e472f9e128217a41dc0ab1a5e32/django-rest-paseto-auth-0.1.0.dev1.tar.gz" } ], "0.1.1": [ { "comment_text": "", "digests": { "md5": "1defcec64c8ded24cfc34e3b13256ad2", "sha256": "74de0d3f01133e4a4a1d2754336fc65bac030e2cd542b7d715008a24b3d5a62d" }, "downloads": -1, "filename": "django_rest_paseto_auth-0.1.1-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "1defcec64c8ded24cfc34e3b13256ad2", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": ">=3.6", "size": 12907, "upload_time": "2018-05-14T19:13:27", "url": "https://files.pythonhosted.org/packages/77/52/a7e06ac2b1e0e2eb5af8a9c4759cae9ee784177df0e9a61d57372555adb3/django_rest_paseto_auth-0.1.1-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "58ec88f00fd8f61eff24e4b7f2c402bd", "sha256": "fb5ff34b230f34f597c5ab8e3fc021b67ef87d7ee84a5fcf87a31348ff2d5d70" }, "downloads": -1, "filename": "django-rest-paseto-auth-0.1.1.tar.gz", "has_sig": false, "md5_digest": "58ec88f00fd8f61eff24e4b7f2c402bd", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 10478, "upload_time": "2018-05-14T19:13:28", "url": "https://files.pythonhosted.org/packages/dc/89/cde40de0a03890865607062c96e0928e8d0221d8e9dabb064ea99c662e72/django-rest-paseto-auth-0.1.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "1defcec64c8ded24cfc34e3b13256ad2", "sha256": "74de0d3f01133e4a4a1d2754336fc65bac030e2cd542b7d715008a24b3d5a62d" }, "downloads": -1, "filename": "django_rest_paseto_auth-0.1.1-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "1defcec64c8ded24cfc34e3b13256ad2", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": ">=3.6", "size": 12907, "upload_time": "2018-05-14T19:13:27", "url": "https://files.pythonhosted.org/packages/77/52/a7e06ac2b1e0e2eb5af8a9c4759cae9ee784177df0e9a61d57372555adb3/django_rest_paseto_auth-0.1.1-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "58ec88f00fd8f61eff24e4b7f2c402bd", "sha256": "fb5ff34b230f34f597c5ab8e3fc021b67ef87d7ee84a5fcf87a31348ff2d5d70" }, "downloads": -1, "filename": "django-rest-paseto-auth-0.1.1.tar.gz", "has_sig": false, "md5_digest": "58ec88f00fd8f61eff24e4b7f2c402bd", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 10478, "upload_time": "2018-05-14T19:13:28", "url": "https://files.pythonhosted.org/packages/dc/89/cde40de0a03890865607062c96e0928e8d0221d8e9dabb064ea99c662e72/django-rest-paseto-auth-0.1.1.tar.gz" } ] }