{
"info": {
"author": "Laurence Rowe",
"author_email": "laurence@lrowe.co.uk",
"bugtrack_url": null,
"classifiers": [
"Intended Audience :: Developers",
"License :: OSI Approved :: BSD License",
"Operating System :: OS Independent",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3.4",
"Programming Language :: Python :: 3.5",
"Programming Language :: Python :: 3.6",
"Programming Language :: Python :: 3.7",
"Topic :: Software Development :: Libraries :: Python Modules"
],
"description": "============================================================\nGoogle Cloud Identity-Aware Proxy Authentication for Pyramid\n============================================================\n\nThis package implements an authentication policy for Pyramid compatible with Google Cloud's `Identity-Aware Proxy `.\n\n\nConfiguration\n=============\n\nAfter configuring your Identity-Aware Proxy, get the *Signed Header JWT Audience* from its settings (detailed instructions in `Securing your app with signed headers `.)\n\nTo enable JWT support in a Pyramid application:\n\n.. code-block:: python\n\n from pyramid.config import Configurator\n from pyramid.authorization import ACLAuthorizationPolicy\n from pyramid_iap import JWTClaimAuthenticationPolicy\n\n def main():\n config = Configurator()\n # Pyramid requires an authorization policy to be active.\n config.set_authorization_policy(ACLAuthorizationPolicy())\n # Identity-Aware Proxy's Signed Header JWT Audience.\n audience = \"/projects/123/global/backendServices/456\"\n # Enable JWT authentication.\n config.include('pyramid_iap')\n config.add_iap_jwt_claims(audience)\n config.set_authentication_policy(JWTClaimAuthenticationPolicy())\n\nBy default, the userid is the \"sub\" claim of the JWT token (e.g. \"accounts.google.com:123456\".) To instead use the \"email\" claim (e.g. \"test@example.com\") specify:\n\n.. code-block:: python\n\n config.set_authentication_policy(JWTClaimAuthenticationPolicy(userid_claim=\"email\"))\n\n\nSettings\n========\n\nThere are a number of flags that specify how tokens are verified.\nYou can either set this in your .ini-file, or pass/override them directly to the ``config.add_iap_jwt_claims()`` function.\n\n+--------------+------------------+---------------+---------------------------------------------+\n| Parameter | ini-file entry | Default | Description |\n+==============+==================+===============+=============================================+\n| audience | iap.audience | | Verified audience for the token (required.) |\n+--------------+------------------+---------------+---------------------------------------------+\n\n\nUncommon settings\n-----------------\n\nThese settings are unlikely to be needed if you are running behind Google Cloud IAP.\n\n+--------------+-----------------+---------------+--------------------------------------------+\n| Parameter | ini-file entry | Default | Description |\n+==============+=================+===============+============================================+\n| public_key_url | iap.public_key_url | https://www.gstatic.com/iap/verify/public_key | Url of keys used to verify token signatures. |\n+--------------+-----------------+---------------+--------------------------------------------+\n| algorithm | iap.algorithm | ES256 | Hash or encryption algorithm |\n+--------------+-----------------+---------------+--------------------------------------------+\n| leeway | iap.leeway | 0 | Number of seconds a token is allowed to be expired before it is rejected. |\n+--------------+-----------------+---------------+--------------------------------------------+\n| http_header | iap.http_header | x-goog-iap-jwt-assertion | HTTP header used for tokens |\n+--------------+-----------------+---------------+--------------------------------------------+\n| auth_type | iap.auth_type | JWT | Authentication type used in Authorization header. Unused for other HTTP headers. |\n+--------------+-----------------+---------------+--------------------------------------------+\n\n\nDifferences with pyrmid_jwt\n===========================\n\nThis package is inspired by `pyramid_jwt ` and seeks to remain compatible where possible.\n\n* Public keys are fetched automatically from the ``public_key_url``.\n\n* The ``create_jwt_token`` request method is not available since it is the responsiblity of the Idenitity-Aware Proxy to issue tokens.\n\n* No authentication policy is configured by the ``add_iap_jwt_claims`` config method to provide flexibility for those using ``pyramid_multiauth``.\n\n\nChanges\n=======\n\n0.1 (2019-02-14)\n----------------\n\n* Initial release\n",
"description_content_type": "",
"docs_url": null,
"download_url": "",
"downloads": {
"last_day": -1,
"last_month": -1,
"last_week": -1
},
"home_page": "https://github.com/lrowe/pyramid_iap",
"keywords": "Pyramid JWT IAP authentication security",
"license": "BSD",
"maintainer": "",
"maintainer_email": "",
"name": "pyramid_iap",
"package_url": "https://pypi.org/project/pyramid_iap/",
"platform": "",
"project_url": "https://pypi.org/project/pyramid_iap/",
"project_urls": {
"Homepage": "https://github.com/lrowe/pyramid_iap"
},
"release_url": "https://pypi.org/project/pyramid_iap/0.1/",
"requires_dist": null,
"requires_python": "",
"summary": "Google Cloud Identity-Aware Proxy authentication policy for Pyramid",
"version": "0.1"
},
"last_serial": 4827774,
"releases": {
"0.1": [
{
"comment_text": "",
"digests": {
"md5": "35a6e6b035bdab79ec1156fc2ae6693b",
"sha256": "533f8817485a2671da4e8d11bdc0b42bdb45b90d4375da3d14ed6ce0d88df984"
},
"downloads": -1,
"filename": "pyramid_iap-0.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "35a6e6b035bdab79ec1156fc2ae6693b",
"packagetype": "bdist_wheel",
"python_version": "3.7",
"requires_python": null,
"size": 5963,
"upload_time": "2019-02-16T03:06:46",
"url": "https://files.pythonhosted.org/packages/e0/96/197ed5736e18820e1e037636345c087521075cc26714995fffb329399ba8/pyramid_iap-0.1-py3-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "a3313daaac16f041c3b9cf7a0362a18d",
"sha256": "df77be0f80aa60520180fc3f00290d77e62cd94f533c01dd18039c7b527d6c1a"
},
"downloads": -1,
"filename": "pyramid_iap-0.1.tar.gz",
"has_sig": false,
"md5_digest": "a3313daaac16f041c3b9cf7a0362a18d",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 5390,
"upload_time": "2019-02-16T03:06:43",
"url": "https://files.pythonhosted.org/packages/17/95/65a081d5499ebf85a3bb85b1ea6d2983dff22a70e82fd273130351114b00/pyramid_iap-0.1.tar.gz"
}
]
},
"urls": [
{
"comment_text": "",
"digests": {
"md5": "35a6e6b035bdab79ec1156fc2ae6693b",
"sha256": "533f8817485a2671da4e8d11bdc0b42bdb45b90d4375da3d14ed6ce0d88df984"
},
"downloads": -1,
"filename": "pyramid_iap-0.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "35a6e6b035bdab79ec1156fc2ae6693b",
"packagetype": "bdist_wheel",
"python_version": "3.7",
"requires_python": null,
"size": 5963,
"upload_time": "2019-02-16T03:06:46",
"url": "https://files.pythonhosted.org/packages/e0/96/197ed5736e18820e1e037636345c087521075cc26714995fffb329399ba8/pyramid_iap-0.1-py3-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "a3313daaac16f041c3b9cf7a0362a18d",
"sha256": "df77be0f80aa60520180fc3f00290d77e62cd94f533c01dd18039c7b527d6c1a"
},
"downloads": -1,
"filename": "pyramid_iap-0.1.tar.gz",
"has_sig": false,
"md5_digest": "a3313daaac16f041c3b9cf7a0362a18d",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 5390,
"upload_time": "2019-02-16T03:06:43",
"url": "https://files.pythonhosted.org/packages/17/95/65a081d5499ebf85a3bb85b1ea6d2983dff22a70e82fd273130351114b00/pyramid_iap-0.1.tar.gz"
}
]
}