[](https://github.com/GeneralMills/azure-ad-token-verify/actions)
[](https://pypi.python.org/pypi/aad-token-verify)
# aad-token-verify
A python utility library to verify an Azure Active Directory OAuth token. Meant for resource servers serving secured API endpoints (eg FastAPI)
## Install
```bash
python3 -m pip install aad-token-verify
```
## Usage
To use stand alone, simply import the verify payload function and call.
```python
from aad_token_verify import get_verified_payload
token_verifier = get_verified_payload(token, tenant_id="YOUR_TENANT_ID", audience_uris=["AUDIENCE_URI"])
```
To use with FastAPI, there's some setup to get the Swagger docs to work
```python
from fastapi import Depends, FastAPI
from fastapi.openapi.models import OAuthFlowImplicit, OAuthFlows
from fastapi.middleware.cors import CORSMiddleware
from fastapi.security import OAuth2
from aad_token_verify import get_verified_payload
# TODO Update these with your Tenant ID, Audience URI, and Client ID
_TENANT_ID = "ISSUER_TENANT_ID"
_AUDIENCE_URI = "https://YOUR_AUDIENCE_URI"
_AAD_CLIENT_ID = "CLIENT_ID"
oauth2_scheme = OAuth2(
flows=OAuthFlows(
implicit=OAuthFlowImplicit(
authorizationUrl=f"https://login.microsoftonline.com/{_TENANT_ID}/oauth2/v2.0/authorize",
scopes={
f"{_AUDIENCE_URI}/.default": "Custom Audience URI scope",
"openid": "OpenID scope",
"profile": "Profile scope",
"email": "email scope",
},
)
)
)
async def get_current_user(
auth_header: str = Depends(oauth2_scheme), # noqa: B008
):
scheme, _, token = auth_header.partition(" ")
return get_verified_payload(
token,
tenantId=_TENANT_ID,
audience_uris=[_AUDIENCE_URI],
)
app = FastAPI()
app.add_middleware(
CORSMiddleware,
allow_origins=["*"],
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
app.swagger_ui_init_oauth = {
"usePkceWithAuthorizationCodeGrant": True,
"clientId": _AAD_CLIENT_ID,
"scopes": [f"{_AUDIENCE_URI}.default"],
}
@app.get("/")
async def secured_endpoint(user=Depends(get_current_user)):
return user
```
## Contributing
Feel free to submit issues and pull requests!
Raw data
{
"_id": null,
"home_page": "https://github.com/GeneralMills/azure-ad-token-verify",
"name": "aad-token-verify",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.7",
"maintainer_email": "",
"keywords": "azure ad token oauth verify jwt",
"author": "['Daniel Thompson']",
"author_email": "daniel.thompson2@genmills.com",
"download_url": "https://files.pythonhosted.org/packages/55/44/bfb8208cdc163da2deb00921231e089a9136c4bdc693f2417a0010ce4663/aad-token-verify-0.2.0.tar.gz",
"platform": null,
"description": "[](https://github.com/GeneralMills/azure-ad-token-verify/actions)\n[](https://pypi.python.org/pypi/aad-token-verify)\n# aad-token-verify\nA python utility library to verify an Azure Active Directory OAuth token. Meant for resource servers serving secured API endpoints (eg FastAPI)\n\n## Install\n\n```bash\npython3 -m pip install aad-token-verify\n```\n\n## Usage\n\nTo use stand alone, simply import the verify payload function and call.\n\n```python\nfrom aad_token_verify import get_verified_payload\n\ntoken_verifier = get_verified_payload(token, tenant_id=\"YOUR_TENANT_ID\", audience_uris=[\"AUDIENCE_URI\"])\n```\n\nTo use with FastAPI, there's some setup to get the Swagger docs to work\n\n```python\nfrom fastapi import Depends, FastAPI\nfrom fastapi.openapi.models import OAuthFlowImplicit, OAuthFlows\nfrom fastapi.middleware.cors import CORSMiddleware\nfrom fastapi.security import OAuth2\n\nfrom aad_token_verify import get_verified_payload\n\n# TODO Update these with your Tenant ID, Audience URI, and Client ID\n_TENANT_ID = \"ISSUER_TENANT_ID\"\n_AUDIENCE_URI = \"https://YOUR_AUDIENCE_URI\"\n_AAD_CLIENT_ID = \"CLIENT_ID\"\n\noauth2_scheme = OAuth2(\n flows=OAuthFlows(\n implicit=OAuthFlowImplicit(\n authorizationUrl=f\"https://login.microsoftonline.com/{_TENANT_ID}/oauth2/v2.0/authorize\",\n scopes={\n f\"{_AUDIENCE_URI}/.default\": \"Custom Audience URI scope\",\n \"openid\": \"OpenID scope\",\n \"profile\": \"Profile scope\",\n \"email\": \"email scope\",\n },\n )\n )\n)\n\nasync def get_current_user(\n auth_header: str = Depends(oauth2_scheme), # noqa: B008\n):\n scheme, _, token = auth_header.partition(\" \")\n return get_verified_payload(\n token,\n tenantId=_TENANT_ID,\n audience_uris=[_AUDIENCE_URI],\n )\n\napp = FastAPI()\n\napp.add_middleware(\n CORSMiddleware,\n allow_origins=[\"*\"],\n allow_credentials=True,\n allow_methods=[\"*\"],\n allow_headers=[\"*\"],\n)\n\napp.swagger_ui_init_oauth = {\n \"usePkceWithAuthorizationCodeGrant\": True,\n \"clientId\": _AAD_CLIENT_ID,\n \"scopes\": [f\"{_AUDIENCE_URI}.default\"],\n}\n\n@app.get(\"/\")\nasync def secured_endpoint(user=Depends(get_current_user)):\n return user\n```\n\n## Contributing\n\nFeel free to submit issues and pull requests!\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "A python utility library to verify an Azure Active Directory OAuth token",
"version": "0.2.0",
"project_urls": {
"Homepage": "https://github.com/GeneralMills/azure-ad-token-verify"
},
"split_keywords": [
"azure",
"ad",
"token",
"oauth",
"verify",
"jwt"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "d288c41e394e6ad9b68716acde148546a5c79e42d77c8b08fbf64153a0309f82",
"md5": "0906d8b228ee78d917789a719dfcffbf",
"sha256": "a32a29c29b5eb9dd030d0f5378a46e316b27c3a7152635aa7e3fb50fb55c7a6e"
},
"downloads": -1,
"filename": "aad_token_verify-0.2.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "0906d8b228ee78d917789a719dfcffbf",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7",
"size": 5348,
"upload_time": "2023-06-07T15:38:33",
"upload_time_iso_8601": "2023-06-07T15:38:33.684832Z",
"url": "https://files.pythonhosted.org/packages/d2/88/c41e394e6ad9b68716acde148546a5c79e42d77c8b08fbf64153a0309f82/aad_token_verify-0.2.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "5544bfb8208cdc163da2deb00921231e089a9136c4bdc693f2417a0010ce4663",
"md5": "e892de16471a999f0f7bb6e151a2a06c",
"sha256": "91fdb46070b0f4b258d7ffb8f5bee11de2e6728e2f0885cf04dbb354f59dcdaf"
},
"downloads": -1,
"filename": "aad-token-verify-0.2.0.tar.gz",
"has_sig": false,
"md5_digest": "e892de16471a999f0f7bb6e151a2a06c",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7",
"size": 5012,
"upload_time": "2023-06-07T15:38:35",
"upload_time_iso_8601": "2023-06-07T15:38:35.186165Z",
"url": "https://files.pythonhosted.org/packages/55/44/bfb8208cdc163da2deb00921231e089a9136c4bdc693f2417a0010ce4663/aad-token-verify-0.2.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-06-07 15:38:35",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "GeneralMills",
"github_project": "azure-ad-token-verify",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "aad-token-verify"
}
JSON
