Metadata-Version: 2.1
Name: py-jwt-validator
Version: 0.4.0b0
Summary: Python JWT Signature Validator - Asymetric Keys - From exponent and modulus
Home-page: https://github.com/adrianlazar-personal/py-jwt-validator
Author: Adrian Lazar
Author-email: adrian.lazar95@outlook.com
License: UNKNOWN
Description: # py-jwt-validator
         
        JWT Signature Validator, for JWT signed with Asymmetric Keys, public key compiled from exponent and modulus.
        
        ----------------
        ## Disclaimer
        Currently, this package is just in beta status. More work is required until it can be considered "production ready".
        
        ----------------
        
        ## Realease notes:
        Version | Release notes
        ------------ | -------------
        0.4.0-beta | Security fix. Certificate Chain is mandatory for Okta Custom URL Domain.
        0.3.0-beta | Minor release. Added support for Okta Custom URL Domain.
        0.2.0-beta | Minor release. Added support for AWS Cognito JWT.
        0.1.0-beta | Minor release. Increased configurability.
        0.0.1-beta | First package release.
        
        ----------------
        
        ## Support IdPs:
        * Okta
        * AWS Cognito
        * *More to come*
        
        ----------------
        
        ## Install
        ```
        pip install py-jwt-validator
        ```
        
        ----------------
        
        ## Usage Guide
        ```
        from py_jwt_validator import PyJwtValidator, PyJwtException
        jwt = {access_token / id_token}
        try:
            _jwt = PyJwtValidator(jwt)
        except PyJwtException:
            print('Exception was catched.')
        ```
        
        * The class **PyJwtValidator** currently accepts:
        
        Attribute | Required | Default value
        ----------|----------|--------------
        jwt | Yes | None
        cid - OIDC Client ID | No | None
        aud - Audience | No | None
        iss - Issuer | No | None
        auto_verify | No | **True**
        check_expiry | No | **True**
        
        * The class method **verify(**) currently accepts:
        
        Attribute | Required | Default value
        ----------|----------|--------------
        get_payload | No | **False**
        
        ----------------
        
        ## Process Chain
        1. Once the class is instantiated the following checks are performed:
            * JWT Format
            * JWT Expiration time
            * JWT Claims if given when the class was instantiated.
        
        2. After the above checks are done, it will verify the token signature with the public exponent and modulus obtained from the /keys endpoint. If the signature is valid, it will return **None**. Else, it will raise exception.
        
            * If a check fails at any given step, the exception **PyJwtException** will be raised.
            * The /keys endpoint will be compiled based on the 'iss' claim.
            * The response from /keys will be cached (**requests_cache**) for subsequent calls. Cache lifetime hardcoded to **24 hours**. Cache store is **sqlite**.
        
        * If **auto_verify** is set to **False** the class will not perform the signature validation. To check the signature the **verify()** method needs to be used. By default, the method will return None. In order to return the decoded jwt payload **True** has to be passed. Example:
        ```
        from py_jwt_validator import PyJwtValidator, PyJwtException
        jwt = {access_token / id_token}
        validator = PyJwtValidator(jwt, auto_verify=False)
        try:
            payload = validator.verify(True)
            print(payload)
        except PyJwtException:
            print('Exception was catched.')
        ```
        
        ----------------
        
        ### Note
        
        The reason why this class returns **None** or exception is to provide more flexibility. Not everyone needs to return the decoded payload of the jwt. 
        
        It is recommended to use it within **try:** **except** blocks. 
        
        ----------------
        ### UPCOMING IN FUTURE RELEASES
        
        - [x] Disable auto signature verify - **auto_verify=False**
        - [x] Return Payload or None - **get_payload=True**
        - [x] Ommit expiry check - **check_expiry=False**
        - [ ] Custom Claim validation
        - [ ] Cache Control (use-case, cache-expiry)
        
        
        ----------------
        # SUGGESTIONS?
        Please feel free to email me at adrian.lazar95@outlook.com or adrian.lazar@okta.com. I am opened to improvement / suggestions and critics. 
Platform: UNKNOWN
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Description-Content-Type: text/markdown
