aegis allows to protect endpoints and also provides authentication scoping.
pip install aegis
from aiohttp import web
from aegis import login_required, JWTAuth
class JWTAuthenticator(JWTAuth):
jwt_secret = "<secret>"
async def authenticate(self, request: web.Request) -> dict:
db = request.app["db"]
credentials = await request.json()
id_ = credentials["id"]
user = db.get(id_)
return user
@login_required
async def protected(request):
return web.json_response({'hello': 'user'})
def create_app():
app = web.Application()
app["db"] = {
5: {
"name": "test"
}
}
app.router.add_get('/protected', protected)
JWTAuthenticator.setup(app)
return app
if __name__ == "__main__":
app = create_app()
web.run_app(app)
Get access token
curl -X POST http://0.0.0.0:8080/auth -d '{"id": 5}'
{"access_token": "<access_token>"}
Get user
curl http://0.0.0.0:8080/protected -H 'Authorization: Bearer <access_token>'
{'hello': 'user'}
git clone https://github.com/mgurdal/aegis.git
cd aegis
make cov
- Python >= 3.6
- aiohttp
- PyJWT
aegis
is offered under the Apache 2 license.