[](https://github.com/Neoteroi/guardpost/actions?query=workflow%3ABuild)
[](https://pypi.org/project/guardpost/)
[](https://github.com/Neoteroi/guardpost)
[](https://github.com/Neoteroi/guardpost/blob/main/LICENSE)
[](https://codecov.io/gh/Neoteroi/guardpost)
# Authentication and authorization framework for Python apps
Basic framework to handle authentication and authorization in asynchronous
Python applications.
**Features:**
- strategy to implement authentication (who or what is using a service?)
- strategy to implement authorization (is the acting identity authorized to do a certain action?)
- support for dependency injection for classes handling authentication and
authorization requirements
- built-in support for JSON Web Tokens (JWTs) authentication
This library is freely inspired by [authorization in ASP.NET
Core](https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-2.2);
although its implementation is extremely different.
## Installation
```bash
pip install guardpost
```
To install with support for `JSON Web Tokens (JWTs)` validation:
```
pip install guardpost[jwt]
```
### Examples
For examples, refer to the [examples folder](./examples).
## Functions to validate JWTs
GuardPost includes functions to validate JSON Web Tokens (JWTs) and handle
JSON Web Keys Sets (JWKS).
The built-in validator class can retrieve automatically JWKS from identity providers
and handle automatically caching and keys rotation. Caching is useful to not incur in
useless performance fees (e.g. downloading JWKS at each web request), and keys rotation
is important because identity providers can periodically change the keys they use to
sign JWTs.
To use these features, install to include additional dependencies:
```bash
pip install guardpost[jwt]
```
The following example shows how to use guardpost to validate tokens:
```python
import asyncio
from guardpost.jwts import JWTValidator
async def main():
validator = JWTValidator(
authority="YOUR_AUTHORITY",
valid_issuers=["YOUR_ISSUER_VALUE"],
valid_audiences=["YOUR_AUDIENCE"],
)
# keys are fetched when necessary
data = await validator.validate_jwt("YOUR_TOKEN")
print(data)
asyncio.run(main())
```
An example value for `authority`, to validate access tokens issued by
Azure Active Directory could be: `https://sts.windows.net/YOUR_TENANT_ID/`.
GuardPost is used in BlackSheep and has been tested with:
- Auth0
- Azure Active Directory
- Azure Active Directory B2C
- Okta
## If you have doubts about authentication vs authorization...
`Authentication` answers the question: _Who is the user who is initiating the
action?_, or more in general: _Who is the user, or what is the service, that is
initiating the action?_.
`Authorization` answers the question: _Is the user, or service, authorized to
do something?_.
Usually, to implement authorization, is necessary to have the context of the
entity that is executing the action.
## Usage in BlackSheep
`guardpost` is used in the [BlackSheep](https://www.neoteroi.dev/blacksheep/)
web framework, to implement [authentication and authorization
strategies](https://www.neoteroi.dev/blacksheep/authentication/) for request
handlers.
To see how `guardpost` is used in `blacksheep` web framework, read:
* [Authentication](https://www.neoteroi.dev/blacksheep/authentication/)
* [Authorization](https://www.neoteroi.dev/blacksheep/authorization/)
# Documentation
Under construction. 🚧
Raw data
{
"_id": null,
"home_page": "",
"name": "guardpost",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.7",
"maintainer_email": "",
"keywords": "authentication,authorization,claims,identity,strategy",
"author": "",
"author_email": "Roberto Prevato <roberto.prevato@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/dc/a8/f90fe39e852c1645bb5a844d28c7833e0904b4451dbc0106b3449e8ff704/guardpost-1.0.2.tar.gz",
"platform": null,
"description": "[](https://github.com/Neoteroi/guardpost/actions?query=workflow%3ABuild)\n[](https://pypi.org/project/guardpost/)\n[](https://github.com/Neoteroi/guardpost)\n[](https://github.com/Neoteroi/guardpost/blob/main/LICENSE)\n[](https://codecov.io/gh/Neoteroi/guardpost)\n\n# Authentication and authorization framework for Python apps\nBasic framework to handle authentication and authorization in asynchronous\nPython applications.\n\n**Features:**\n\n- strategy to implement authentication (who or what is using a service?)\n- strategy to implement authorization (is the acting identity authorized to do a certain action?)\n- support for dependency injection for classes handling authentication and\n authorization requirements\n- built-in support for JSON Web Tokens (JWTs) authentication\n\nThis library is freely inspired by [authorization in ASP.NET\nCore](https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-2.2);\nalthough its implementation is extremely different.\n\n## Installation\n\n```bash\npip install guardpost\n```\n\nTo install with support for `JSON Web Tokens (JWTs)` validation:\n\n```\npip install guardpost[jwt]\n```\n\n### Examples\n\nFor examples, refer to the [examples folder](./examples).\n\n## Functions to validate JWTs\n\nGuardPost includes functions to validate JSON Web Tokens (JWTs) and handle\nJSON Web Keys Sets (JWKS).\n\nThe built-in validator class can retrieve automatically JWKS from identity providers\nand handle automatically caching and keys rotation. Caching is useful to not incur in\nuseless performance fees (e.g. downloading JWKS at each web request), and keys rotation\nis important because identity providers can periodically change the keys they use to\nsign JWTs.\n\nTo use these features, install to include additional dependencies:\n\n```bash\npip install guardpost[jwt]\n```\n\nThe following example shows how to use guardpost to validate tokens:\n\n```python\nimport asyncio\nfrom guardpost.jwts import JWTValidator\n\n\nasync def main():\n validator = JWTValidator(\n authority=\"YOUR_AUTHORITY\",\n valid_issuers=[\"YOUR_ISSUER_VALUE\"],\n valid_audiences=[\"YOUR_AUDIENCE\"],\n )\n\n # keys are fetched when necessary\n data = await validator.validate_jwt(\"YOUR_TOKEN\")\n\n print(data)\n\n\nasyncio.run(main())\n```\n\nAn example value for `authority`, to validate access tokens issued by\nAzure Active Directory could be: `https://sts.windows.net/YOUR_TENANT_ID/`.\n\nGuardPost is used in BlackSheep and has been tested with:\n\n- Auth0\n- Azure Active Directory\n- Azure Active Directory B2C\n- Okta\n\n## If you have doubts about authentication vs authorization...\n`Authentication` answers the question: _Who is the user who is initiating the\naction?_, or more in general: _Who is the user, or what is the service, that is\ninitiating the action?_.\n\n`Authorization` answers the question: _Is the user, or service, authorized to\ndo something?_.\n\nUsually, to implement authorization, is necessary to have the context of the\nentity that is executing the action.\n\n## Usage in BlackSheep\n`guardpost` is used in the [BlackSheep](https://www.neoteroi.dev/blacksheep/)\nweb framework, to implement [authentication and authorization\nstrategies](https://www.neoteroi.dev/blacksheep/authentication/) for request\nhandlers.\n\nTo see how `guardpost` is used in `blacksheep` web framework, read:\n\n* [Authentication](https://www.neoteroi.dev/blacksheep/authentication/)\n* [Authorization](https://www.neoteroi.dev/blacksheep/authorization/)\n\n# Documentation\n\nUnder construction. \ud83d\udea7\n",
"bugtrack_url": null,
"license": "",
"summary": "Framework to handle authentication and authorization.",
"version": "1.0.2",
"project_urls": {
"Bug Tracker": "https://github.com/Neoteroi/GuardPost/issues",
"Homepage": "https://github.com/Neoteroi/GuardPost"
},
"split_keywords": [
"authentication",
"authorization",
"claims",
"identity",
"strategy"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "aacdb3574737b27491f26d1058806d12ee7131e6e8476990961a2ea80512c313",
"md5": "a4540fd4a0b99d33e18deb9110a45b8c",
"sha256": "e7b7e5c61f776b055c7f4ee382ab78149bfe66f367f0e187574c3664e1740579"
},
"downloads": -1,
"filename": "guardpost-1.0.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "a4540fd4a0b99d33e18deb9110a45b8c",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7",
"size": 16808,
"upload_time": "2023-06-16T18:23:45",
"upload_time_iso_8601": "2023-06-16T18:23:45.090726Z",
"url": "https://files.pythonhosted.org/packages/aa/cd/b3574737b27491f26d1058806d12ee7131e6e8476990961a2ea80512c313/guardpost-1.0.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "dca8f90fe39e852c1645bb5a844d28c7833e0904b4451dbc0106b3449e8ff704",
"md5": "54782dc71c910b73e61dbeedaec799a0",
"sha256": "4566616c1bc01c148275ed8d1cd56f7dffeced490c7d8c599c90293308e55c94"
},
"downloads": -1,
"filename": "guardpost-1.0.2.tar.gz",
"has_sig": false,
"md5_digest": "54782dc71c910b73e61dbeedaec799a0",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7",
"size": 13100,
"upload_time": "2023-06-16T18:23:46",
"upload_time_iso_8601": "2023-06-16T18:23:46.684588Z",
"url": "https://files.pythonhosted.org/packages/dc/a8/f90fe39e852c1645bb5a844d28c7833e0904b4451dbc0106b3449e8ff704/guardpost-1.0.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-06-16 18:23:46",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "Neoteroi",
"github_project": "GuardPost",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [],
"lcname": "guardpost"
}
JSON
