A flask library in which uses pyjwt to encode and decode JWTs but with the improvements in which you can define user roles to the endpoints so its better to use this library with that extra level of security. Also you can generate a JWT using basic authentication first to retrieve a token with the respective personalizations and then keep using that token. All options of pywjt to generate a token are going to be available.
Home Page: https://pypi.org/project/Flask-authgen-jwt/
License: MIT License
For the decode part should be added a error handler in JSON when authorization header is missing
I nede to update the versions of the following actions:
Add more legible docstrings and examples in the code
I need to add the new feature that is a way to decode basic auth plus the standard one.
I mean, first the credentials should be encrypted using cryptography library first to encode the credentials and the result to be send in basic auth, so after decoding in base64 then the new feature do the work to decode the result with the cryptography decodification.
I need to create the documentation of what I have already to dont forget what I already have created
All status codes now are integers, so should be replaced for http library to be more explicit at code level
I need to create through attributes of each calss inside library something that can validate exp and all that part of functionality not only with utc but also with different time zones, so it can be modified to validate in different time zones, something like the URL of the line code to be changed, click here
Also the specific line of code to check is: now = timegm(datetime.now(tz=timezone.utc).utctimetuple())
As part of the functionality of pyjwt that you can use private keys to encode and decode jet then I need to implement a method that uploads a file in the format we need, this means that I need the file content as a binary to encode and decode the same jwt using this files
We werent able to do the correct error inside library
I need to create a github action in order to validate the version that is in first PR to development, this in order to verify that tha actual version is not one of the previous ones and that is updated.
While using this library I found another errors that are keeped in my sticky notes. I need to validate the same ones and define a specific error for them.
I need to block the execution of pylint and let execute the github action only for development branch
Now that we are going to refactor the code for get user roles and verify basic auth credentials I need to refactor some part of the code in which I need to include always and obligatory the username and password at the moment we generate the JWT, there should be maybe a decorator later to change this
I need to update the security policy of the versions supported and not supported of the library
Correct the version inside this file to publish correctly the new code into pypi
I need to modify the gitignore file to only ignore the things about the project im doing
I need to validate the dictionary returned from the decorator __encode_jwt so it can be prepared for validate the algorithm so we can know how to encode the JWT and generate the same one
Fix type hints in the code
Correcting the github action to keep updating the python package correctly
I need to update the version of the library to update correctly the new improvements into pypi and also another stuffs of the same file
Create an automated release action to also execute properly the action that deploys to pypi
I need to add to the readme the documentation link so from pypi and from the same repo yu can go to the wiki part in which are documentation and examples
I need to add a way to create the token using a personal body request instead of using only all the time the basic auth credentials, this is because maybe you use this endpoint with a specific user but you need to create a different token with other credentials.
Tha JSON request should be standarized by the library
I need to upload some examples about how to use the library, so people can download examples and test them to know how the library works in a real environment
I will create another class to support API key, this should work with a decorator that gets all API keys stored in database. Maybe this should be part of other library
I need to update the pylint action to comply with new way to do the things by github
Added badge of github action that publish new versions of code into pypi and also a little refactor of the same README
I need to add the new flag of the class GenJwt so it will be documented as part of the new functionality of the library
I need to add annotations to methods that doesnt return something
I need to make the option of showing complete traceback for unhandled exceptions in each method of the library so we can know when to show traceback and when not for general un handled exceptions
I need to correct the bug in get_basic_auth_credentials, verify_jwt_credentials and the get_user_roles decorators because I need to do something similar like in the library of flask httpauth in which in this case after basi auth was decodified and jwt too I need to make available that credentials to be used in these decorators above, because if not then how we are going to be able to bring the same credentials without having idea of what user and password to validate and to return to the dictionary.
So we have two options, return a boolean like iin flask httpauth or the same as the previous option but obligating to return the same dictionary.
I think is going to be better to decode basic auth and jwt and make available that in the three decorators mentioned above and for roles use the username to return the same array of roles but in the first two decorators just return a boolean after own implementation of validation
I need to send only for this class an optional attribute to specify which encode for the RSA I need to follow because you can create a private key without password encryption so according to the attr we are going to follow one way to create the JWT or other with RSA.
The attr is going to be rsa_encrypt and the default is going to be False in which means that should be generated without password and True if should be generated with password.
Also this only applies if the algorithm is RS256 instead of HS256 specified in the enc_dec_jwt_config decorator.
Delete the comments inside this file that are not necessary to be in the same file
Update the contributors in the main docstring module
I need to update the policy to put as not maintained the previous versions, versions to add to not supported:
And the new version supported will be:
I need to update setup.cfg file to the new version that is going to be uploaded to pypi.
I need to add to the documentation the new feature that is in which you can change the default keys inside dictionary generated at the moment of validating the basic_auth, also for decoding if you have change this then you can decode by this keys that are not the default ones.
Maybe its better to move this to attributes, something like you need to build a dictionary and pass that in a specific attribute in the instantiation of the class
In the library I need to add to all functions inside the library, public and privates a general error handler with the traceback in which we can see the error retrieved from an un handled exception
Just added a type hint in dict type to be more specificc with the content
I need to update the documentation according to the modifications made in the library
I need to create an attribute which name is extern_pub_key in which is False by default, which means that the public key will be loaded from a file stored in the same API and in True which means that the public key in bytes is going to be received from the applicative in bytes.
When python 3.10 is available in AWS lambdas then the library will change to be only compatible with python 3.10 and upwards, this because some switch case is going to be implemented in the library.
We need to see a way to add extra fields from the function that has the decorator of the class GenJwt which is generate_jwt, in this case after the second request we can get this previous param but we need the dictionary before the first execution of the endpoint that has the decorator mentioned before.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
