# api-prototype Client sample

In [1]:
import requests
import yaml

In [2]:
config = yaml.load(open("config.yaml"), Loader=yaml.SafeLoader)
config

{'api': {'client_id': 'Knuffle Bunny',
  'client_secret': 'Aggle Flaggle',
  'url': 'http://localhost:8080/'},
 'auth0': {'auth_url': 'https://reecehart.us.auth0.com/oauth/token',
  'client_id': 'CB4c06bQUjXmc3tIvXfXrUZ4gn2zUTk0',
  'client_secret': 'aDQpKpc1cIJ_1g-jU2DyN5sYGVNKfQxocYCSP9pb65HHHCo62v1hKXqby81Vj-Oe',
  'grant_type': 'client_credentials',
  'audience': 'api-prototype'}}

## Generate the JWTs

In [3]:
# Generate a JWT with the API
resp = requests.get(
    url = config["api"]["url"] + "/auth")
resp.raise_for_status()
api_token = resp.json()["access_token"]

api_token

'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJtZSIsImlhdCI6MTY0MTc5NzI0MywiZXhwIjoxNjQyNDAyMDQzLCJhdWQiOiJhcGktcHJvdG90eXBlIiwic3ViIjoid2hvIGtub3dzPyJ9.BIoFoX53WwFety9MIIu6MMzf3J5UGWMSON2FwTg-Z38'

In [4]:
# Generate a JWT at Auth0
resp = requests.post(
    url = config["auth0"]["auth_url"],
    headers = {
        "content-type": "application/json",
    },
    json = {
        "client_id": config["auth0"]["client_id"],
        "client_secret": config["auth0"]["client_secret"],
        "grant_type": config["auth0"]["grant_type"],
        "audience": config["auth0"]["audience"],
    }
)
resp.raise_for_status()
auth0_token = resp.json()["access_token"]

auth0_token

'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImQ3cm81bkhrUUFwenRjS2tGQWNmbCJ9.eyJpc3MiOiJodHRwczovL3JlZWNlaGFydC51cy5hdXRoMC5jb20vIiwic3ViIjoiQ0I0YzA2YlFValhtYzN0SXZYZlhyVVo0Z24yelVUazBAY2xpZW50cyIsImF1ZCI6ImFwaS1wcm90b3R5cGUiLCJpYXQiOjE2NDE3OTcyNDMsImV4cCI6MTY0MTg4MzY0MywiYXpwIjoiQ0I0YzA2YlFValhtYzN0SXZYZlhyVVo0Z24yelVUazAiLCJndHkiOiJjbGllbnQtY3JlZGVudGlhbHMifQ.CnAak5bFNOwpXPNXrPPDJSIF6gzyA7TXHeBgQoYJcFOGl4tiuNTg_PQBHgnnatWnRyqKRYWACIxuzYbW5WGlod80l4Wr66VbuBRu_5YoXnbCtC2_txPhZPrdj80SBQHsy0m8sTF9XsDrFtAYpipmWldOhQXt55p6nH61YPWLlims_9gzocozhYHgExoLZvmjmYL_-aUes8SC5GsnAX5ZJFNkXjTmZiQRxax3jAwluu_1ILbBE69rhsLkpViz3VkgQ2fw7Yp_mmZxbAqm0W6aFRfCTQmVOLI1-brx9L1a0GNDrubI_SImGZvFb-yOXvp-XHv1STKREgAEx5uwM722rQ'

# Making a request

In [5]:
request_body = {
  "fastq_files": [
    "s3://somebucket/path/to/sample_R1.fastq.gz",
    "s3://somebucket/path/to/sample_R2.fastq.gz"
  ],
  "patient_info": {
    "biological_sex": "MALE",
    "dob": "2022-01-10",
    "first_name": "string",
    "last_name": "string",
    "middle_name": "string"
  },
  "product_id": "PR-012345.1"
}

url = config["api"]["url"]

In [6]:
resp = requests.post(
    url = url + "/request",
    headers = {
        "Authorization": "Bearer " + api_token
    },
    json = request_body
)
resp.raise_for_status()
resp.json()

{'request': {'fastq_files': ['s3://somebucket/path/to/sample_R1.fastq.gz',
   's3://somebucket/path/to/sample_R2.fastq.gz'],
  'patient_info': {'biological_sex': 'MALE',
   'dob': '2022-01-10',
   'first_name': 'string',
   'last_name': 'string',
   'middle_name': 'string'},
  'product_id': 'PR-012345.1'},
 'request_id': 'QR-8eaedc400e2b5721bc255f9f9c31f8b1',
 'sub': 'who knows?',
 'submitted_at': '2022-01-10T06:47:23.760973+00:00'}

In [7]:
resp = requests.post(
    url = url + "/request",
    headers = {
        "Authorization": "Bearer " + auth0_token
    },
    json = request_body
)
resp.raise_for_status()
resp.json()

{'request': {'fastq_files': ['s3://somebucket/path/to/sample_R1.fastq.gz',
   's3://somebucket/path/to/sample_R2.fastq.gz'],
  'patient_info': {'biological_sex': 'MALE',
   'dob': '2022-01-10',
   'first_name': 'string',
   'last_name': 'string',
   'middle_name': 'string'},
  'product_id': 'PR-012345.1'},
 'request_id': 'QR-025413cd7a004e5fcef65e51c1feccde',
 'sub': 'CB4c06bQUjXmc3tIvXfXrUZ4gn2zUTk0@clients',
 'submitted_at': '2022-01-10T06:47:23.771571+00:00'}

## Bonus: Decoding the JWTs

JWT decoding would typically happen on the service during validation.  It's shown here only for edification.

In [8]:
import jwt

In [9]:
s_config = yaml.load(open("../service/config.yaml"), Loader=yaml.SafeLoader)
s_config

{'users': {'client_id': 'Knuffle Bunny', 'client_secret': 'Aggle Flaggle'},
 'jwt': {'api': {'alg': 'HS256',
   'key': 'shared99secret!',
   'aud': 'api-prototype',
   'iss': 'me',
   'lifetime': 604800},
  'auth0': {'alg': 'RS256',
   'aud': 'api-prototype',
   'key': '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZ3+mf5G2sPct+LzIdfc\ncbktMttw6ciUw7g6hRK24srZfwkJrWvm5E/HxLx5Hcaae0bGWQRpHHAw7hQYrWkQ\n5nvsUEb8GFnVGHdbewqlrx2OW7vK86THBD40LIzJ3EXY+/rb7Z7J+vCTxi8SHH2o\ngfk4rlrS4yOLFmxF7858/BgheXZpqXBSJ6s/NBKgIGd0JHG3E4cZm1oFCNGcgBoc\nm13Zmd0CvLgcAU3TQBFEMV3tmUCWVDChcecBLwxBMxTyKqxJMHfhymnmdPHN4Mqt\n/nO61Gkf0WWGzwWOceYLd9bDT0Hj7hTtuX0K8io+jGiTLdEjKjT+pfU169ItOWbQ\nTwIDAQAB\n-----END PUBLIC KEY-----\n'}}}

In [10]:
# ① self-generated token
jwt.get_unverified_header(api_token)

{'typ': 'JWT', 'alg': 'HS256'}

In [11]:
jwt.decode(
    api_token,
    algorithms="HS256",
    key=s_config["jwt"]["api"]["key"],
    audience=s_config["jwt"]["api"]["aud"],
)

{'iss': 'me',
 'iat': 1641797243,
 'exp': 1642402043,
 'aud': 'api-prototype',
 'sub': 'who knows?'}

In [12]:
jwt.get_unverified_header(auth0_token)

{'alg': 'RS256', 'typ': 'JWT', 'kid': 'd7ro5nHkQApztcKkFAcfl'}

In [13]:
# ② Auth0 Token
jwt.decode(
    auth0_token,
    algorithms="RS256",
    key=s_config["jwt"]["auth0"]["key"],
    audience=s_config["jwt"]["auth0"]["aud"],
)

{'iss': 'https://reecehart.us.auth0.com/',
 'sub': 'CB4c06bQUjXmc3tIvXfXrUZ4gn2zUTk0@clients',
 'aud': 'api-prototype',
 'iat': 1641797243,
 'exp': 1641883643,
 'azp': 'CB4c06bQUjXmc3tIvXfXrUZ4gn2zUTk0',
 'gty': 'client-credentials'}