Metadata-Version: 2.1
Name: atlassian-jwt-auth
Version: 13.0.0
Summary: Python implementation of the Atlassian Service to Service Authentication specification.
Home-page: https://github.com/atlassian/asap-authentication-python
Author: Atlassian
Author-email: dblack@atlassian.com
License: MIT
Project-URL: Bug Tracker, https://github.com/atlassian/asap-authentication-python/issues
Project-URL: Source Code, https://github.com/atlassian/asap-authentication-python
Platform: any
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: License :: OSI Approved :: MIT License
License-File: LICENSE
License-File: AUTHORS

============================
Atlassian JWT authentication
============================

.. image:: https://img.shields.io/travis/atlassian/asap-authentication-python/master.svg?label=Linux%20build%20%40%20Travis%20CI
   :target: http://travis-ci.org/atlassian/asap-authentication-python
.. image:: https://github.com/atlassian/asap-authentication-python/workflows/Tests/badge.svg
.. image:: https://img.shields.io/pypi/v/atlassian-jwt-auth.svg
   :target: https://pypi.org/project/atlassian-jwt-auth

This package provides an implementation of the `Service to Service Authentication <https://s2sauth.bitbucket.io/spec/>`_ specification.

----

Installation
============

To install simply run

.. code:: sh

    $ pip install atlassian-jwt-auth

Using this library
==================

To create a JWT for authentication
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. code:: python

    import atlassian_jwt_auth


    signer = atlassian_jwt_auth.create_signer('issuer', 'issuer/key', private_key_pem)
    a_jwt = signer.generate_jwt('audience')


To create a JWT using a file on disk in the conventional location
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Each time you call ``generate_jwt`` this will find the latest active key file (ends with ``.pem``) and use it to generate your JWT.

.. code:: python

    import atlassian_jwt_auth


    signer = atlassian_jwt_auth.create_signer_from_file_private_key_repository('issuer', '/opt/jwtprivatekeys')
    a_jwt = signer.generate_jwt('audience')

To create a JWT using a data uri
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. code:: python

    import atlassian_jwt_auth
    from atlassian_jwt_auth.key import DataUriPrivateKeyRetriever

    key_id, private_key_pem = DataUriPrivateKeyRetriever('Your base64 encoded data uri').load('issuer')
    signer = atlassian_jwt_auth.create_signer('issuer', 'issuer/key', private_key_pem)
    a_jwt = signer.generate_jwt('audience')



To make an authenticated HTTP request
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you use the ``atlassian_jwt_auth.contrib.requests.JWTAuth`` provider, you
can automatically generate JWT tokens when using the ``requests`` library to
perform authenticated HTTP requests.

.. code:: python

    import atlassian_jwt_auth
    from atlassian_jwt_auth.contrib.requests import JWTAuth

    signer = atlassian_jwt_auth.create_signer('issuer', 'issuer/key', private_key_pem)
    response = requests.get(
        'https://your-url',
        auth=JWTAuth(signer, 'audience')
    )

One can also use ``atlassian_jwt_auth.contrib.aiohttp.JWTAuth``
to authenticate ``aiohttp`` requests:

.. code:: python

    import aiohttp

    import atlassian_jwt_auth
    from atlassian_jwt_auth.contrib.aiohttp import JWTAuth

    signer = atlassian_jwt_auth.create_signer('issuer', 'issuer/key', private_key_pem)

    async with aiohttp.ClientSession() as session:
        async with session.get('https://your-url',
                               auth=JWTAuth(signer, 'audience')) as resp:
            ...


If you want to reuse tokens that have the same claim within their period of validity
then pass through `reuse_jwts=True` when calling  `create_signer`.
For example:


.. code:: python

    import atlassian_jwt_auth
    from atlassian_jwt_auth.contrib.requests import JWTAuth

    signer = atlassian_jwt_auth.create_signer('issuer', 'issuer/key', private_key_pem, reuse_jwts=True)
    response = requests.get(
        'https://your-url',
        auth=JWTAuth(signer, 'audience')
    )



To verify a JWT
~~~~~~~~~~~~~~~

.. code:: python

    import atlassian_jwt_auth

    public_key_retriever = atlassian_jwt_auth.HTTPSPublicKeyRetriever('https://example.com')
    verifier = atlassian_jwt_auth.JWTAuthVerifier(public_key_retriever)
    verified_claims = verifier.verify_jwt(a_jwt, 'audience')

For Python versions starting from ``Python 3.5``, note this library no longer supports python 3.5, ``atlassian_jwt_auth.contrib.aiohttp``
provides drop-in replacements for the components that
perform HTTP requests, so that they use ``aiohttp`` instead of ``requests``:

.. code:: python

    import atlassian_jwt_auth.contrib.aiohttp

    public_key_retriever = atlassian_jwt_auth.contrib.aiohttp.HTTPSPublicKeyRetriever('https://example.com')
    verifier = atlassian_jwt_auth.contrib.aiohttp.JWTAuthVerifier(public_key_retriever)
    verified_claims = await verifier.verify_jwt(a_jwt, 'audience')



