Add support for JWT authentication (spec-first#732)
* Add support for JWT * Add example for JWT * Add minimal JWT documentation
1 parent
fcba5af
commit 6ec1182
Showing
11 changed files
with
265 additions
and
24 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
======================= | ||
JWT Auth Example | ||
======================= | ||
|
||
Running: | ||
|
||
.. code-block:: bash | ||
$ sudo pip3 install -r requirements.txt | ||
$ ./app.py | ||
Now open your browser and go to http://localhost:8080/ui/ to see the Swagger UI. | ||
Use endpoint **/auth** to generate JWT token, copy it, then click **Authorize** button and paste the token. | ||
Now you can use endpoint **/secret** to check autentication. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
#!/usr/bin/env python3 | ||
''' | ||
Basic example of a resource server | ||
''' | ||
|
||
import time | ||
|
||
import connexion | ||
import six | ||
from werkzeug.exceptions import Unauthorized | ||
|
||
from jose import JWTError, jwt | ||
|
||
JWT_ISSUER = 'com.zalando.connexion' | ||
JWT_SECRET = 'change_this' | ||
JWT_LIFETIME_SECONDS = 600 | ||
JWT_ALGORITHM = 'HS256' | ||
|
||
|
||
def generate_token(user_id): | ||
timestamp = _current_timestamp() | ||
payload = { | ||
"iss": JWT_ISSUER, | ||
"iat": int(timestamp), | ||
"exp": int(timestamp + JWT_LIFETIME_SECONDS), | ||
"sub": str(user_id), | ||
} | ||
|
||
return jwt.encode(payload, JWT_SECRET, algorithm=JWT_ALGORITHM) | ||
|
||
|
||
def decode_token(token): | ||
try: | ||
return jwt.decode(token, JWT_SECRET, algorithms=[JWT_ALGORITHM]) | ||
except JWTError as e: | ||
six.raise_from(Unauthorized, e) | ||
|
||
|
||
def get_secret(user, token_info) -> str: | ||
return ''' | ||
You are user_id {user} and the secret is 'wbevuec'. | ||
Decoded token claims: {token_info}. | ||
'''.format(user=user, token_info=token_info) | ||
|
||
|
||
def _current_timestamp() -> int: | ||
return int(time.time()) | ||
|
||
|
||
if __name__ == '__main__': | ||
app = connexion.FlaskApp(__name__) | ||
app.add_api('openapi.yaml') | ||
app.run(port=8080) |
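Review bot: decode_token verifies the signature and pins the algorithm list, but it never checks the `iss` claim that generate_token sets, so a token signed with the same key for a different issuer would be accepted; python-jose takes the expected value as a keyword, `return jwt.decode(token, JWT_SECRET, algorithms=[JWT_ALGORITHM], issuer=JWT_ISSUER)`. Separately, `JWT_SECRET = 'change_this'` is a working HS256 key, so a copy of this example deployed unchanged signs tokens with a publicly known secret; reading it from the environment, e.g. `JWT_SECRET = os.environ['JWT_SECRET']`, makes the app fail at startup instead of running with the placeholder. A short docstring on decode_token stating that it returns the decoded claims and raises Unauthorized on any JWTError would also help readers wiring up `x-bearerInfoFunc`.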
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
openapi: 3.0.0 | ||
info: | ||
title: JWT Example | ||
version: '1.0' | ||
paths: | ||
/auth/{user_id}: | ||
get: | ||
summary: Return JWT token | ||
operationId: app.generate_token | ||
parameters: | ||
- name: user_id | ||
description: User unique identifier | ||
in: path | ||
required: true | ||
example: 12 | ||
schema: | ||
type: integer | ||
responses: | ||
'200': | ||
description: JWT token | ||
content: | ||
'text/plain': | ||
schema: | ||
type: string | ||
/secret: | ||
get: | ||
summary: Return secret string | ||
operationId: app.get_secret | ||
responses: | ||
'200': | ||
description: secret response | ||
content: | ||
'text/plain': | ||
schema: | ||
type: string | ||
security: | ||
- jwt: ['secret'] | ||
|
||
components: | ||
securitySchemes: | ||
jwt: | ||
type: http | ||
scheme: bearer | ||
bearerFormat: JWT | ||
x-bearerInfoFunc: app.decode_token |
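Review bot: `/auth/{user_id}` carries no `security` entry, so it hands out a signed token for whatever integer the caller puts in the path; that is acceptable for a demo, but the operation should say so, for example `description: Demo only - issues a token for any user_id without authenticating the caller`. On `/secret`, the `secret` scope in `- jwt: ['secret']` is not backed by any claim that generate_token puts in the token, and OpenAPI 3.0 expects an empty list for non-OAuth2 schemes, so `- jwt: []` would describe what is actually enforced. Whether connexion checks scopes for bearer schemes is not visible here, so the second point is something to confirm.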
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
connexion>=2.0.0rc3 | ||
python-jose[cryptography] | ||
six>=1.9 | ||
Flask>=0.10.1 |
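Review bot: `python-jose[cryptography]` is the only requirement without a version bound, although it is the library that verifies the tokens; a lower bound would keep an old mirror or cache from supplying a release that predates its security fixes. Something like `python-jose[cryptography]>=<MINIMUM_TESTED_VERSION>` (placeholder, use the version the example was tested with) would bring it in line with the other three lines.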