[![Tests](https://github.com/GeneralMills/azure-ad-token-verify/workflows/Test%20and%20Analysis/badge.svg)](https://github.com/GeneralMills/azure-ad-token-verify/actions)
[![PyPi](https://img.shields.io/pypi/pyversions/aad-token-verify.svg)](https://pypi.python.org/pypi/aad-token-verify)
# aad-token-verify
A Python utility library to verify an Azure Active Directory OAuth token. Meant for resource servers serving secured API endpoints (e.g. FastAPI).
## Install
```bash
python3 -m pip install aad-token-verify
```
## Usage
To use it stand-alone, import `get_verified_payload` and call it with the token, your tenant ID and the audience URIs your API accepts:
```python
from aad_token_verify import get_verified_payload

# `token` is the raw access token string taken from the request's Authorization header.
payload = get_verified_payload(token, tenant_id="YOUR_TENANT_ID", audience_uris=["AUDIENCE_URI"])
```
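What `tenant_id` and `audience_uris` constrain, as an added illustration (not aad-token-verify's own code): the claim checks a resource server applies once a token's signature has been verified. The `claim_problems` helper, the `tid` comparison, the 60-second leeway and the sample tenant and audience values are assumptions made for this example.

```python
import time

# Issuer values Azure AD puts in tokens for one tenant (v1.0 and v2.0 endpoints).
ISSUER_TEMPLATES = (
    "https://sts.windows.net/{tenant}/",
    "https://login.microsoftonline.com/{tenant}/v2.0",
)


def claim_problems(claims, tenant_id, audience_uris, now=None, leeway=60):
    """List reasons to reject claims whose signature was already verified."""
    now = time.time() if now is None else now
    problems = []

    allowed_issuers = {t.format(tenant=tenant_id) for t in ISSUER_TEMPLATES}
    if claims.get("iss") not in allowed_issuers:
        problems.append("issuer is not the expected tenant")
    if claims.get("tid") != tenant_id:
        problems.append("tid claim does not match tenant")

    # "aud" may be a single string or a list of strings.
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if not set(audiences) & set(audience_uris):
        problems.append("audience not accepted by this API")

    exp, nbf = claims.get("exp"), claims.get("nbf")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        problems.append("token expired or exp missing")
    if isinstance(nbf, (int, float)) and now < nbf - leeway:
        problems.append("token not yet valid")
    return problems


# Constructed sample claims; tenant IDs and audience are placeholders.
TENANT = "00000000-0000-0000-0000-000000000001"
OTHER = "00000000-0000-0000-0000-000000000002"
API = "api://example-api"
GOOD = {"iss": f"https://login.microsoftonline.com/{TENANT}/v2.0",
        "tid": TENANT, "aud": API, "nbf": 1_700_000_000, "exp": 1_700_003_600}
OTHER_TENANT = dict(
    GOOD, iss=f"https://login.microsoftonline.com/{OTHER}/v2.0", tid=OTHER)
WRONG_AUDIENCE = dict(GOOD, aud="https://graph.microsoft.com")

if __name__ == "__main__":
    for sample in (GOOD, OTHER_TENANT, WRONG_AUDIENCE):
        print(claim_problems(sample, TENANT, [API], now=1_700_000_100))
```

These checks mean nothing on their own: they only apply to claims taken from a token whose signature has already been validated against the tenant's published keys.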
To use it with FastAPI, some setup is needed to get the Swagger docs to work:
```python
from fastapi import Depends, FastAPI
from fastapi.openapi.models import OAuthFlowImplicit, OAuthFlows
from fastapi.middleware.cors import CORSMiddleware
from fastapi.security import OAuth2

from aad_token_verify import get_verified_payload

# TODO Update these with your Tenant ID, Audience URI, and Client ID
_TENANT_ID = "ISSUER_TENANT_ID"
_AUDIENCE_URI = "https://YOUR_AUDIENCE_URI"
_AAD_CLIENT_ID = "CLIENT_ID"

# Describes the Azure AD implicit flow so Swagger UI can request a token.
oauth2_scheme = OAuth2(
    flows=OAuthFlows(
        implicit=OAuthFlowImplicit(
            authorizationUrl=f"https://login.microsoftonline.com/{_TENANT_ID}/oauth2/v2.0/authorize",
            scopes={
                f"{_AUDIENCE_URI}/.default": "Custom Audience URI scope",
                "openid": "OpenID scope",
                "profile": "Profile scope",
                "email": "email scope",
            },
        )
    )
)


async def get_current_user(
    auth_header: str = Depends(oauth2_scheme),  # noqa: B008
):
    # The dependency yields the raw Authorization header ("Bearer <token>").
    scheme, _, token = auth_header.partition(" ")
    return get_verified_payload(
        token,
        tenant_id=_TENANT_ID,
        audience_uris=[_AUDIENCE_URI],
    )


app = FastAPI()

# Allows any origin, which is convenient for local testing with Swagger UI;
# restrict allow_origins to your known front ends before deploying.
app.add_middleware(
    CORSMiddleware,
    allow_origins=["*"],
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)

app.swagger_ui_init_oauth = {
    "usePkceWithAuthorizationCodeGrant": True,
    "clientId": _AAD_CLIENT_ID,
    # Must match the scope key declared in oauth2_scheme above.
    "scopes": [f"{_AUDIENCE_URI}/.default"],
}


@app.get("/")
async def secured_endpoint(user=Depends(get_current_user)):
    return user
```
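`get_current_user` above splits the header but never looks at `scheme`. The following added example (not part of aad-token-verify or FastAPI) rejects a malformed Authorization header before the verifier is called. `extract_bearer_jwt`, `BearerError` and the RS256/`kid` expectation are assumptions of this example, and the sample tokens are constructed.

```python
import base64
import binascii
import json


class BearerError(ValueError):
    """The Authorization header does not carry a usable Azure AD JWT."""


def b64url_json(segment):
    """Decode one base64url JWT segment to JSON (no signature check)."""
    padded = segment + "=" * (-len(segment) % 4)
    try:
        return json.loads(base64.urlsafe_b64decode(padded))
    except (binascii.Error, ValueError) as exc:
        raise BearerError("JWT header is not base64url JSON") from exc


def extract_bearer_jwt(auth_header):
    """Return the raw JWT from 'Bearer <jwt>', or raise BearerError."""
    scheme, _, token = (auth_header or "").strip().partition(" ")
    if scheme.lower() != "bearer":
        raise BearerError("unsupported authorization scheme")
    token = token.strip()
    if not token or any(ch.isspace() for ch in token):
        raise BearerError("missing or malformed token")
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        raise BearerError("token is not a three-part signed JWT")
    header = b64url_json(parts[0])
    # Assumption: Azure AD signs with RS256 and names the key in "kid".
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise BearerError("unexpected signing algorithm")
    if not header.get("kid"):
        raise BearerError("no key id to match against the tenant's keys")
    return token  # still unverified: pass it to the real verifier next


def seg(obj):
    """Build one base64url JWT segment for the constructed samples below."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed samples: placeholder signature, not real tokens.
SAMPLE_JWT = ".".join(
    [seg({"alg": "RS256", "kid": "constructed-kid"}), seg({"sub": "demo"}), "c2ln"])
ALG_NONE_JWT = ".".join([seg({"alg": "none"}), seg({"sub": "demo"}), "c2ln"])
```

In a FastAPI dependency, catch `BearerError` and answer with HTTP 401 so a bad header never reaches the verification step.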
## Contributing
Feel free to submit issues and pull requests!
Raw data
{
"_id": null,
"home_page": "https://github.com/GeneralMills/azure-ad-token-verify",
"name": "aad-token-verify-kbr",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.7",
"maintainer_email": "",
"keywords": "azure ad token oauth verify jwt",
"author": "['Daniel Thompson']",
"author_email": "daniel.thompson2@genmills.com",
"download_url": "https://files.pythonhosted.org/packages/53/fc/223547606cdc7bf1de9dc245d98688ad96b96ade75c91b1baa89f00c0dca/aad-token-verify-kbr-0.0.1.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "MIT",
"summary": "Forked: A python utility library to verify an Azure Active Directory OAuth token",
"version": "0.0.1",
"project_urls": {
"Homepage": "https://github.com/GeneralMills/azure-ad-token-verify"
},
"split_keywords": [
"azure",
"ad",
"token",
"oauth",
"verify",
"jwt"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "53fc223547606cdc7bf1de9dc245d98688ad96b96ade75c91b1baa89f00c0dca",
"md5": "106c03e256df63bc88eee0ed2a3bd9da",
"sha256": "2932437fdb6a7642b558a111058725af17736c77f5453f1c790982e494cca130"
},
"downloads": -1,
"filename": "aad-token-verify-kbr-0.0.1.tar.gz",
"has_sig": false,
"md5_digest": "106c03e256df63bc88eee0ed2a3bd9da",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7",
"size": 5103,
"upload_time": "2023-08-01T07:31:06",
"upload_time_iso_8601": "2023-08-01T07:31:06.045470Z",
"url": "https://files.pythonhosted.org/packages/53/fc/223547606cdc7bf1de9dc245d98688ad96b96ade75c91b1baa89f00c0dca/aad-token-verify-kbr-0.0.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-08-01 07:31:06",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "GeneralMills",
"github_project": "azure-ad-token-verify",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "aad-token-verify-kbr"
}