This package provides a python implementation of the Atlassian Service to Service Authentication specification.
Switch branches/tags
add-better-settings-for-test add-flask-contrib add-readme-to-contrib-dir add-support-for-data-uri add-support-for-multiple-key-repository-urls add_python_3.5_support allow-specifying-subject-for-django allow-specifying-subject amendment_to_spec clean-up-contrib-decorators-follow-up clean-up-contrib-decorators clean_up_module_imports django-and-flask-add-asap-leeway-setting django-asap-middleware-from-gmathews django erik/jti_ringbuffer-update erik/jti_ringbuffer explicit_kwargs extract-media-type-from-content-type-header feature/asyncio-support-minor-change fix-data-uri-provider-signer-usage fix-flask fix-regex-spec fix_private_key_repository_scanning flake8 generate-universal-wheel handle-key-repository-failures madams/add-badges madams/add-mailmap madams/add-requests madams/middleware-exclude-paths madams/reuse-key-retriever master mbertrand/BBCDEV-7502-small mbertrand/BBCDEV-7502 mbertrand/add-exceptions mbertrand/fix-decorator-header-check mbertrand/fix-super-call more-consistent-exception-use move-test-requirements-out-of-setup.py move-to-pycodestyle private_key_repository_scanning refactor-flask-tests reject-none-base-url requests-jwtauth-additional-claims retry-on-public-key-server-error-in-multi return-fast-when-no-token-and-not-required reuse-jwts-diff-approach reuse-jwts rework-frameworks-compat-test rework-frameworks-follow-up-v2 rework-frameworks-follow-up rework-frameworks-original rework-frameworks-rebased rework-frameworks speed-up-via-passing-loaded-private-key-2 speed-up-via-passing-loaded-private-key standardise-private-key-retriever support-disabling-jti-uniqueness-check support-kwargs-in-requests-create_jwt_auth support-specifying-subject support_providing_additional_claims test-clean-up update-asap-spec-location update_cachecontrol_from_0.12.3_to_0.12.4 update_cryptography_from_0.9.1_to_1.0.2 update_cryptography_from_1.1.1_to_1.2.1 update_cryptography_from_1.2.x_to_1.3.x update_cryptography_from_1.3.x_to_1.5.x update_cryptography_from_1.8.x_to_2.0.x update_cryptography_from_2.1.x_to_2.2.x update_cryptography_from_2.2.x_to_2.3.x update_dependencies_08_12_2015 update_pbr_from_1.0.1_to_1.8.1 update_pyjwt_from_1.3.0_to_1.4.0 update_pyjwt_from_1.4.0_to_1.4.1 update_pyjwt_from_1.4.2_to_1.5.2 update_requirements_01_03_2016 update_requirements_06_11_2015 update_requirements_15_03_2017 update_requirements_23_11_2017 wip-rework-frameworks-thoughts work-around-test-failure-in-python-3-without-aiohttp-installed
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
atlassian_jwt_auth
.gitignore
.mailmap
.travis.yml
AUTHORS
ChangeLog
LICENSE
README.rst
requirements.txt
setup.cfg
setup.py
test-requirements.txt

README.rst

Atlassian JWT authentication

https://img.shields.io/travis/atlassian/asap-authentication-python/master.svg?label=Linux%20build%20%40%20Travis%20CI

This package provides an implementation of the Service to Service Authentication specification.


Installation

To install simply run

$ pip install atlassian-jwt-auth

Using this library

To create a JWT for authentication

import atlassian_jwt_auth


signer = atlassian_jwt_auth.create_signer('issuer', 'issuer/key', private_key_pem)
a_jwt = signer.generate_jwt('audience')

To create a JWT using a file on disk in the conventional location

Each time you call generate_jwt this will find the latest active key file (ends with .pem) and use it to generate your JWT.

import atlassian_jwt_auth


signer = atlassian_jwt_auth.create_signer_from_file_private_key_repository('issuer', '/opt/jwtprivatekeys')
a_jwt = signer.generate_jwt('audience')

To make an authenticated HTTP request

If you use the atlassian_jwt_auth.contrib.requests.JWTAuth provider, you can automatically generate JWT tokens when using the requests library to perform authenticated HTTP requests.

import atlassian_jwt_auth
from atlassian_jwt_auth.contrib.requests import JWTAuth

signer = atlassian_jwt_auth.create_signer('issuer', 'issuer/key', private_key_pem)
response = requests.get(
    'https://your-url',
    auth=JWTAuth(signer, 'audience')
)

One can also use atlassian_jwt_auth.contrib.aiohttp.JWTAuth to authenticate aiohttp requests:

import aiohttp

import atlassian_jwt_auth
from atlassian_jwt_auth.contrib.aiohttp import JWTAuth

signer = atlassian_jwt_auth.create_signer('issuer', 'issuer/key', private_key_pem)

async with aiohttp.ClientSession() as session:
    async with session.get('https://your-url',
                           auth=JWTAuth(signer, 'audience')) as resp:
        ...

If you want to reuse tokens that have the same claim within their period of validity then pass through reuse_jwts=True when calling create_signer. For example:

import atlassian_jwt_auth
from atlassian_jwt_auth.contrib.requests import JWTAuth

signer = atlassian_jwt_auth.create_signer('issuer', 'issuer/key', private_key_pem, reuse_jwts=True)
response = requests.get(
    'https://your-url',
    auth=JWTAuth(signer, 'audience')
)

To verify a JWT

import atlassian_jwt_auth

public_key_retriever = atlassian_jwt_auth.HTTPSPublicKeyRetriever('https://example.com')
verifier = atlassian_jwt_auth.JWTAuthVerifier(public_key_retriever)
verified_claims = verifier.verify_jwt(a_jwt, 'audience')

For Python versions starting from Python 3.5 atlassian_jwt_auth.contrib.aiohttp provides drop-in replacements for the components that perform HTTP requests, so that they use aiohttp instead of requests:

import atlassian_jwt_auth.contrib.aiohttp

public_key_retriever = atlassian_jwt_auth.contrib.aiohttp.HTTPSPublicKeyRetriever('https://example.com')
verifier = atlassian_jwt_auth.contrib.aiohttp.JWTAuthVerifier(public_key_retriever)
verified_claims = await verifier.verify_jwt(a_jwt, 'audience')