This repository is part of a lab for the NYU DevOps and Agile Methodologies class CSCI-GA.2810-001. It shows how to implement JSON Web Tokens (JWT) for authentication using Python / Flask.
Here are the key functions, found in service.py, that make it all work:
This is the main wrapper. All of the work is done in the decorator function @token_required, which can be placed before any route that you want to secure by requiring an API key to be passed in the headers. It expects a JWT Bearer token in the Authorization header. It also passes the user name into the wrapped function so that user privileges can be checked if needed.
```python
from functools import wraps

import jwt
from flask import request, jsonify

# `app` is the Flask application object created in service.py


def token_required(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        token = None
        # Expect "Authorization: Bearer <jwt>"
        if 'Authorization' in request.headers:
            bearer_token = request.headers.get('Authorization')
            if bearer_token.startswith("Bearer "):
                token = bearer_token.split("Bearer ")[1]
        if not token:
            return jsonify(message='Token is missing!'), 401
        try:
            # Pin the algorithm so the token's own header cannot choose it;
            # PyJWT >= 2 requires this argument. decode() also rejects an expired 'exp'.
            data = jwt.decode(token, app.config['SECRET_KEY'], algorithms=['HS256'])
            current_user = data['username']
        except (jwt.InvalidTokenError, KeyError):
            return jsonify(message='Token is invalid!'), 401
        # Hand the verified user name to the wrapped route
        return f(current_user, *args, **kwargs)
    return decorated
```
This is the code that checks the user's credentials and builds the JWT token that must be used on subsequent calls.
```python
import datetime

from flask import abort


@app.route('/login')
def login():
    # Credentials arrive as HTTP Basic auth on this one request only
    auth = request.authorization
    if not auth or not auth.username or not auth.password:
        abort(401)
    if check_auth(auth):
        payload = {
            'username': auth.username,
            # Short-lived token: jwt.decode() rejects it after 30 minutes
            'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=30)
        }
        token = jwt.encode(payload, app.config['SECRET_KEY'], algorithm='HS256')
        # PyJWT 1.x returns bytes, PyJWT 2.x returns str
        if isinstance(token, bytes):
            token = token.decode('UTF-8')
        return jsonify({'token': token})
    abort(401)
```
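To make clear what jwt.encode() and jwt.decode() do for the two functions above, here is an added example (not the lab's service.py) that builds an HS256 token from the standard library alone and applies the same accept/reject decision as @token_required. SECRET_KEY, issue_token() and authorize() are constructed names for this demo, and `now` is passed in explicitly so expiry can be exercised.

```python
# Added example, not the lab's service.py: an HS256 JWT encode/verify pair from the
# standard library alone, showing what the lab's jwt.encode()/jwt.decode() actually
# check (algorithm, signature, 'exp'). SECRET_KEY is a constructed demo value.
import base64, hashlib, hmac, json, time

SECRET_KEY = "constructed-demo-secret"  # stands in for app.config['SECRET_KEY']

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode(payload: dict, secret: str) -> str:
    """header.payload.signature with HMAC-SHA256, like jwt.encode()."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(payload).encode())
    sig = hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def decode(token: str, secret: str, now=None) -> dict:
    """Verify alg, signature and expiry, like jwt.decode(..., algorithms=['HS256'])."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm; never trust the header
    expected = hmac.new(secret.encode(), f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):  # constant-time compare
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(body_b64))
    if "exp" in payload and payload["exp"] <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return payload

def issue_token(username: str, now=None) -> str:
    """Mirror of the lab's /login payload: username plus a 30-minute exp."""
    now = time.time() if now is None else now
    return encode({"username": username, "exp": int(now + 30 * 60)}, SECRET_KEY)

def authorize(authorization, now=None) -> tuple:
    """The decision @token_required makes on the Authorization header value."""
    if not authorization or not authorization.startswith("Bearer "):
        return 401, "Token is missing!"
    try:
        return 200, decode(authorization[len("Bearer "):], SECRET_KEY, now)["username"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return 401, "Token is invalid!"
```

A token signed with any other secret, an expired token and a malformed token all collapse to the same 401 the decorator returns, which is why the route only ever sees a user name that was signed with the server's SECRET_KEY.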
The test cases can be found in test_service.py. There is a helper function called login() in service.py that gets the JWT token so that the test clients can talk to the test server.
To run the tests, use:

```
nosetests
```