/flask-jwt-consumer

Flask JWT consumer with multi public key support

Primary LanguagePythonMIT LicenseMIT

CircleCI Maintainability

Flask JWT consumer

Flask extension for JWT token validation

Based on pyJWT. Supports multi public key validation in form of simplified authorized_keys format, with only keys, and comments, no options. Good for key rotations or when you need multi issuer support.

Rational

Inspired by Flask JWT Simple, nice package I was enjoying until the need for multi key support. So that's where many backward compatible settings came from.

Configuration

  • JWT_ALGORITHM default RS256, algorithm used to decode JWT. As current iteration only asymmetric algorithms are considered. So anything symmetric will likely fail.
  • JWT_HEADER_NAME default Authorization, header where JWT expected to be.
  • JWT_HEADER_TYPE default Bearer, type of the token, part of the header's value.
  • JWT_IDENTITY optional, if provided JWT will use it.
  • JWT_AUTHORIZED_KEYS new line separated list of OpenSSH formatted keys.
  • VERIFY_AUD disable verification of aud during JWT decoding.

Decorators

@requires_jwt - use on the flask endpoint that is desired to be protected, accepts additional parameter pass_token_payload which will add named parameter token_payload at the very end of the parameters accepted by decorated function.

@requires_jwt
def get(search):
    # ...GET logic with search parameter

@requires_jwt(pass_token_payload=True)
def post(data, token_payload):
    # ...POST logic with data parameter and token payload