/security_interface

Simple API for authentication and authorization.

Primary LanguagePythonMIT LicenseMIT

https://img.shields.io/travis/com/theruziev/security_interface.svg?style=flat-square https://img.shields.io/codecov/c/github/theruziev/security_interface.svg?style=flat-square PyPI

Security Interface

This library provides an easy API for authentication and authorization.

Installation

Install with the following command

pip install security_interface

Usage

First of all you need to implement IdentityPolicyInterface and AuthorizationPolicyInterface interfaces. For example, we can implement JWT Security

import jwt
from security_interface import IdentityPolicyInterface, AuthorizationPolicyInterface

class JwtIdentityPolicy(IdentityPolicyInterface):
    def __init__(self, secret, algorithm="HS256"):
        self.algorithm = algorithm
        self.secret = secret

    async def identify(self, identity):
        if jwt is None:
            raise TypeError("Please install PyJWT")
        try:
            return jwt.decode(
                identity,
                self.secret,
                algorithms=[self.algorithm],
                options={"verify_exp": True, "verify_iat": True},
            )
        except Exception as e:
            return None

class JwtAuthPolicy(AuthorizationPolicyInterface):
    async def can(self, identity, permission):
        return permission in identity["scope"]

Create security instance with our implementation

from security_interface.api import Security
jwt_identity = JwtIdentityPolicy("SECRET")
jwt_auth_policy = JwtAuthPolicy()
security = Security(jwt_identity, jwt_auth_policy)
# Checking claim
security.identify(CLAIM)
# Checking permission
security.can(CLAIM, "read")
security.can(CLAIM, "write")

For full implementation see DEMO