A Falcon middleware and a set of authentication backends that add an authentication layer to your app/API service.
Install the extension with pip or easy_install.

.. code-block:: bash

    $ pip install -U falcon-auth

If you wish to use the optional backends, specify those dependencies, too.

.. code-block:: bash

    $ pip install -U falcon-auth[backend-hawk,backend-jwt]

This package exposes a Falcon middleware which takes an authentication backend
as an input and uses it to authenticate requests. You can specify some routes and
methods which are exempted from authentication. Once the middleware authenticates
the request using the specified authentication backend, it adds the authenticated
user to the request context.

.. code-block:: python

    import falcon
    from falcon_auth import FalconAuthMiddleware, BasicAuthBackend

    # placeholder loader: returns a user for any username/password;
    # a real loader must verify the credentials before returning a user
    user_loader = lambda username, password: { 'username': username }
    auth_backend = BasicAuthBackend(user_loader)
    auth_middleware = FalconAuthMiddleware(auth_backend,
                        exempt_routes=['/exempt'], exempt_methods=['HEAD'])
    api = falcon.API(middleware=[auth_middleware])

    class ApiResource:

        def on_post(self, req, resp):
            # the middleware stores the authenticated user in the request context
            user = req.context['user']
            resp.body = "User Found: {}".format(user['username'])

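The loader in the snippet above returns a user for any username and password. As an added example (not part of falcon-auth or this README), here is a loader that verifies the credentials first; the `USERS` store, its sample account and the PBKDF2 work factor are constructed for illustration, and it assumes the backend rejects the request when the loader returns a falsy value.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2 work factor (assumed value; tune for your hardware)

def _hash_password(password, salt):
    # Salted, deliberately slow hash so a leaked store resists offline guessing.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def _make_record(password):
    salt = os.urandom(16)
    return salt, _hash_password(password, salt)

# Constructed sample store: username -> (salt, hash). A real service would
# read these records from its own database instead.
USERS = {"alice": _make_record("correct horse battery staple")}

# Dummy record so that unknown usernames cost the same hashing work as known ones.
_DUMMY = _make_record("placeholder for unknown users")

def user_loader(username, password):
    """Return a user dict for valid credentials, otherwise None."""
    if not username or not password:
        return None
    salt, expected = USERS.get(username, _DUMMY)
    candidate = _hash_password(password, salt)
    # Constant-time comparison: do not leak how many leading bytes matched.
    matches = hmac.compare_digest(candidate, expected)
    if username in USERS and matches:
        return {"username": username}
    return None

# Wiring, using the same call as the snippet above:
#   auth_backend = BasicAuthBackend(user_loader)
```
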
It's possible to customize the exempt routes, exempt methods and authentication backend on a per-resource basis as well.

.. code-block:: python

    import falcon
    from falcon_auth import FalconAuthMiddleware, BasicAuthBackend, TokenAuthBackend

    # a loader function to fetch user from username, password
    user_loader = lambda username, password: { 'username': username }

    # basic auth backend
    basic_auth = BasicAuthBackend(user_loader)

    # Auth Middleware that uses basic_auth for authentication
    auth_middleware = FalconAuthMiddleware(basic_auth)
    api = falcon.API(middleware=[auth_middleware])

    class ApiResource:

        # per-resource settings: token auth backend, GET exempt from authentication
        auth = {
            'backend': TokenAuthBackend(user_loader=lambda token: { 'id': 5 }),
            'exempt_methods': ['GET']
        }

        def on_post(self, req, resp):
            resp.body = "This resource uses token authentication"

        def on_get(self, req, resp):
            resp.body = "This resource doesn't need authentication"

    api.add_route("/api", ApiResource())

Authentication can also be disabled for a specific resource:

.. code-block:: python

    class ApiResource:

        # no authentication is performed for any method of this resource
        auth = {
            'auth_disabled': True
        }

Once the middleware authenticates the request using the specified authentication backend, it adds the authenticated user to the request context.

.. code-block:: python

    class ApiResource:

        def on_post(self, req, resp):
            user = req.context['user']
            resp.body = "User Found: {}".format(user['username'])

- Basic Authentication

  Implements HTTP Basic Authentication, wherein the HTTP Authorization header contains the user credentials (username and password) encoded using base64 and a prefix (typically Basic).

- Token Authentication

  Implements a simple token-based authentication scheme where the HTTP Authorization header contains a prefix (typically Token) followed by an API token.

- JWT Authentication (Python 2.7, 3.4+)

  Token-based authentication using the JSON Web Token standard. If you wish to use this backend, be sure to add the optional dependency to your requirements (see Python "extras"): falcon-auth[backend-jwt]

- Hawk Authentication (Python 2.6+, 3.4+)

  Token-based authentication using the Hawk "Holder-Of-Key Authentication Scheme". If you wish to use this backend, be sure to add the optional dependency to your requirements (see Python "extras"): falcon-auth[backend-hawk]

- Dummy Authentication

  Backend which does not perform any authentication checks.

- Multi Backend Authentication

  A backend which comprises multiple backends and requires any of them to authenticate the request successfully.

This library comes with a good set of tests, which are included in ``tests/``. To run them, install ``pytest`` and simply invoke ``py.test`` or ``python setup.py test`` to exercise the tests. You can check the test coverage by running ``py.test --cov falcon_auth``.

.. autoclass:: falcon_auth.FalconAuthMiddleware
    :members:

.. autoclass:: falcon_auth.BasicAuthBackend
    :members:

.. autoclass:: falcon_auth.TokenAuthBackend
    :members:

.. autoclass:: falcon_auth.JWTAuthBackend
    :members:

.. autoclass:: falcon_auth.NoneAuthBackend
    :members:

.. autoclass:: falcon_auth.MultiAuthBackend
    :members: