API reference of zsl_jwt

zsl_jwt.codec

The module provides the two main functions encode() and decode() which encode and decode the given payload.

zsl_jwt.codec.CLAIMS = (u'exp', u'nbf', u'iss', u'aud', u'iat')

The list of JWT claim names.

exception zsl_jwt.codec.ZslJwtError

Main exception type raised from this module.

exception zsl_jwt.codec.ZslJwtExpiredSignatureError

exception zsl_jwt.codec.ZslJwtInvalidAudienceError

When the audience of the token does not match the audience of the profile used to decode the token.

exception zsl_jwt.codec.ZslJwtInvalidNbfClaimError

zsl_jwt.codec.decode(*args, **kwargs)

Decodes the encoded token.

Parameters:
  • token – The encoded token.
  • jwt_configuration – The configuration, injected.
  • profile – The profile name used for encoding.
Returns:

The decoded payload.

zsl_jwt.codec.encode(*args, **kwargs)

Encodes the payload.

Parameters:
  • payload – The payload to be encoded.
  • jwt_configuration – The JWT configuration, it is injected.
  • algorithm – Algorithm name. A reasonable default is provided.
  • profile – The JWT profile to be used. See
Returns:

The JWT token.

zsl_jwt.configuration

class zsl_jwt.configuration.JWTConfiguration(default_secret=None, default_profile=None, profiles=None)

The main JWT configuration object. Consists of several token profiles used for encoding/decoding. See zsl_jwt.configuration.JWTProfile.

class zsl_jwt.configuration.JWTProfile(secret, expiration=None, not_before=None, issuer=u'zsl_jwt', audience=u'zsl_jwt', algorithm=u'HS256')

Each profile consists of its own secret and all the JWT claims definitions:
  • audience: str - must match the audience in the decoding,
  • issuer name: str - just information about the token issuer,
  • expiration: datetime.timedelta specifying when the token becomes invalid,
  • not_before: datetime.timedelta specifying when the token becomes valid,
  • algorithm: signing algorithm used to create the token.
algorithm
audience

The audience of the token for which the token is intended. This must match the audience used for decoding. This is a standard JWT claim.

expiration

The time interval specifying when the token becomes invalid. The token is valid until time now + expiration. This is a standard JWT claim.

issuer

The issuer name. This is a standard JWT claim.

not_before

The time interval specifying when the token becomes valid. The token is valid from time now + not_before. This is a standard JWT claim.

secret

Key/secret used for signing the token.
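How the profile fields above become token claims, as an added example that is not zsl_jwt's code: a standard-library HS256 encoder/decoder in which expiration and not_before are added to the issue time and the audience is compared on decode. The function names, the now parameter and the exception classes are assumptions made for illustration; secret must be bytes.

```python
import base64
import hashlib
import hmac
import json
import time
from datetime import timedelta

# Hypothetical stand-ins for the ZslJwt*Error exceptions; not zsl_jwt's classes.
class TokenError(Exception): pass
class ExpiredError(TokenError): pass
class NotYetValidError(TokenError): pass
class InvalidAudienceError(TokenError): pass

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")
def unb64url(data):
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))
def sign(secret, signing_input):
    return b64url(hmac.new(secret, signing_input, hashlib.sha256).digest())

def encode(payload, secret, expiration, not_before=timedelta(0),
           issuer="zsl_jwt", audience="zsl_jwt", now=None):
    now = int(time.time() if now is None else now)
    claims = dict(payload, iss=issuer, aud=audience, iat=now,
                  exp=now + int(expiration.total_seconds()),
                  nbf=now + int(not_before.total_seconds()))
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + b"." + b64url(json.dumps(claims).encode())
    return (signing_input + b"." + sign(secret, signing_input)).decode()

def decode(token, secret, audience="zsl_jwt", now=None):
    try:
        header, body, sig = token.encode().split(b".")
        alg = json.loads(unb64url(header)).get("alg")
    except (ValueError, AttributeError):
        raise TokenError("malformed token")
    # Pin the algorithm; the token header must not choose how it is verified.
    expected = sign(secret, header + b"." + body)
    if alg != "HS256" or not hmac.compare_digest(sig, expected):
        raise TokenError("bad algorithm or signature")
    claims = json.loads(unb64url(body))
    now = time.time() if now is None else now
    if now >= claims["exp"]:
        raise ExpiredError("token expired")
    if now < claims["nbf"]:
        raise NotYetValidError("token not valid yet")
    if claims["aud"] != audience:
        raise InvalidAudienceError("audience mismatch")
    return claims
```

Because HS256 only signs, the payload segment of a token can be base64url-decoded and read without the secret, so confidential data does not belong in the payload.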

zsl_jwt.module

class zsl_jwt.module.JWTModule

JWT module activation. Add to your IoCContainer to enable JWT support.

It just provides the zsl_jwt.configuration.JWTConfiguration so that the users may read the JWT configuration.

JWT_CONFIG_NAME = u'JWT'

Variable name in config used for JWT configuration

provide_jwt_configuration(*args, **kwargs)

Returns the JWT configuration.

Parameters: config – Injected. Configuration object
Returns: Current JWT configuration.

zsl_jwt.auth.configuration

The configuration of the authentication.

class zsl_jwt.auth.configuration.AuthConfiguration(authentication_service_class)

Auth module configuration. It holds the string identifying the authentication service.

authentication_service_class

The string identifying the class that implements zsl_jwt.auth.service.AuthenticationService and is used by the login controller.

zsl_jwt.auth.module

This ZSL module reads the auth configuration and provides zsl_jwt.auth.configuration.AuthConfiguration and an instance of zsl_jwt.auth.service.AuthenticationService.

class zsl_jwt.auth.module.AuthModule

AUTH_CONFIG_NAME = u'AUTH'

provide_authentication_service(*args, **kwargs)

Returns the used authentication service.

Parameters: auth_config – Injected. Auth configuration.
Returns: The authentication service.

provide_jwt_configuration(*args, **kwargs)

Returns the AuthConfiguration.

Parameters: config – Injected. Configuration object
Returns: Current authentication/authorization configuration.

zsl_jwt.auth.service

The abstraction of authentication service and user information.

class zsl_jwt.auth.service.AuthenticationService

The service used for verifying username and password and querying the user information.

get_user_information(username)

Returns the user information for the given username.

Parameters: username
Returns: Tuple with the first element being the list of roles (list of strings) and a user information, may be None.

verify_password(username, password)

Verifies if the username, password combination is valid. Returns True iff it is, False otherwise. It should not raise exceptions.

class zsl_jwt.auth.service.StandardUserInformation(username, roles, user_object)

Standard user information - contains username, roles (list of strings) and a user object, if wanted (may be None).

get_attributes()
is_in_role(role)
roles
user_object
username

zsl_jwt.auth.service.create_standard_user_information(username, roles, user_object)

Creates the user information/representation from the given parameters.

zsl_jwt.auth.service.decode_to_standard_user_information(token, user_object_class=None, profile=u'default')

Creates the user information/representation from the given auth token.

zsl_jwt.auth.controller

Contains the login function.

zsl_jwt.auth.controller.authenticate(*args, **kwargs)

The “login” function: returns the JWT for the given username/password. Use only as a delegate function in handling of tasks.

Parameters:
Returns:

An error response if the credentials are invalid, otherwise the JWT.