Flask-Cognito
-------------
Authenticate users based on AWS Cognito JWT.
# Initialization
```python3
# configuration
app.config.update({
'COGNITO_REGION': 'eu-central-1',
'COGNITO_USERPOOL_ID': 'eu-central-1c3fea2',
# optional
'COGNITO_APP_CLIENT_ID': 'abcdef123456', # client ID you wish to verify user is authenticated against
'COGNITO_CHECK_TOKEN_EXPIRATION': False, # disable token expiration checking for testing purposes
'COGNITO_JWT_HEADER_NAME': 'X-MyApp-Authorization',
'COGNITO_JWT_HEADER_PREFIX': 'Bearer',
})
# initialize extension
from flask_cognito import CognitoAuth
cogauth = CognitoAuth(app)
@cogauth.identity_handler
def lookup_cognito_user(payload):
"""Look up user in our database from Cognito JWT payload."""
return User.query.filter(User.cognito_username == payload['username']).one_or_none()
```
# Check Authentication
```python3
from flask_cognito import cognito_auth_required, current_user, current_cognito_jwt
@route('/api/private')
@cognito_auth_required
def api_private():
# user must have valid cognito access or ID token in header
# (accessToken is recommended - not as much personal information contained inside as with idToken)
return jsonify({
'cognito_username': current_cognito_jwt['username'], # from cognito pool
'user_id': current_user.id, # from your database
})
```
# Restrict access by Cognito Group
```python3
from flask_cognito import cognito_auth_required, current_user, current_cognito_jwt
@route('/api/foo')
@cognito_auth_required
@cognito_group_permissions(['admin','developer'])
def api_private():
# user must belongs to "admin" or "developer" groups
return jsonify({
'foo': "bar"
})
```
### Acknowledgements
* Uses [cognitojwt](https://github.com/borisrozumnuk/cognitojwt) at its core.
* Based on [flask-jwt](https://github.com/mattupstate/flask-jwt/).
Raw data
{
"_id": null,
"home_page": "https://github.com/jetbridge/flask_cognito",
"name": "Flask-Cognito",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": "flask aws cognito jwt authentication auth serverless",
"author": "Mischa Spiegelmock",
"author_email": "mischa@mvstg.biz",
"download_url": "https://files.pythonhosted.org/packages/21/df/4ef5d89340665d9bfe6206c263efecb1d0ac4c8b43fc8febe428292ade6f/Flask-Cognito-1.21.tar.gz",
"platform": "any",
"description": "Flask-Cognito\n-------------\n\nAuthenticate users based on AWS Cognito JWT.\n\n\n# Initialization\n```python3\n# configuration\napp.config.update({\n 'COGNITO_REGION': 'eu-central-1',\n 'COGNITO_USERPOOL_ID': 'eu-central-1c3fea2',\n\n # optional\n 'COGNITO_APP_CLIENT_ID': 'abcdef123456', # client ID you wish to verify user is authenticated against\n 'COGNITO_CHECK_TOKEN_EXPIRATION': False, # disable token expiration checking for testing purposes\n 'COGNITO_JWT_HEADER_NAME': 'X-MyApp-Authorization',\n 'COGNITO_JWT_HEADER_PREFIX': 'Bearer',\n})\n\n\n# initialize extension\nfrom flask_cognito import CognitoAuth\ncogauth = CognitoAuth(app)\n\n@cogauth.identity_handler\ndef lookup_cognito_user(payload):\n \"\"\"Look up user in our database from Cognito JWT payload.\"\"\"\n return User.query.filter(User.cognito_username == payload['username']).one_or_none()\n```\n\n# Check Authentication\n```python3\nfrom flask_cognito import cognito_auth_required, current_user, current_cognito_jwt\n\n@route('/api/private')\n@cognito_auth_required\ndef api_private():\n # user must have valid cognito access or ID token in header\n # (accessToken is recommended - not as much personal information contained inside as with idToken)\n return jsonify({\n 'cognito_username': current_cognito_jwt['username'], # from cognito pool\n 'user_id': current_user.id, # from your database\n })\n```\n\n# Restrict access by Cognito Group\n```python3\nfrom flask_cognito import cognito_auth_required, current_user, current_cognito_jwt\n\n@route('/api/foo')\n@cognito_auth_required\n@cognito_group_permissions(['admin','developer'])\ndef api_private():\n # user must belongs to \"admin\" or \"developer\" groups\n return jsonify({\n 'foo': \"bar\"\n })\n```\n\n### Acknowledgements\n* Uses [cognitojwt](https://github.com/borisrozumnuk/cognitojwt) at its core.\n* Based on [flask-jwt](https://github.com/mattupstate/flask-jwt/).\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Authenticate users to Cognito user pool via JWT.",
"version": "1.21",
"project_urls": {
"Homepage": "https://github.com/jetbridge/flask_cognito"
},
"split_keywords": [
"flask",
"aws",
"cognito",
"jwt",
"authentication",
"auth",
"serverless"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "21df4ef5d89340665d9bfe6206c263efecb1d0ac4c8b43fc8febe428292ade6f",
"md5": "4787b136f53e9eaec80c6570dd8e5be3",
"sha256": "8daf0a7dd8978c089a55b98e681a6ecab276d19c39828079214f6cb72a508fb5"
},
"downloads": -1,
"filename": "Flask-Cognito-1.21.tar.gz",
"has_sig": false,
"md5_digest": "4787b136f53e9eaec80c6570dd8e5be3",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 4969,
"upload_time": "2024-04-13T19:28:37",
"upload_time_iso_8601": "2024-04-13T19:28:37.039887Z",
"url": "https://files.pythonhosted.org/packages/21/df/4ef5d89340665d9bfe6206c263efecb1d0ac4c8b43fc8febe428292ade6f/Flask-Cognito-1.21.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-04-13 19:28:37",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "jetbridge",
"github_project": "flask_cognito",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "flask-cognito"
}
JSON
