aiohttp-jwt

aiohttp-jwt

The library provides aiohttp middleware and helper utils for working with JSON web tokens.

• Works on Python3.5+
• MIT License
• Latest docs TBD
• Contributions are highly welcome!

Requirements

• Aiohttp >= 2.3.5
• PyJWT

Install

$ pip install aiohttp_jwt

Simple Usage

server.py

import jwt
from aiohttp import web

from aiohttp_jwt import JWTMiddleware

sharable_secret = 'secret'


async def protected_handler(request):
    return web.json_response({'user': request['payload']})


app = web.Application(
    middlewares=[
        JWTMiddleware(sharable_secret),
    ]
)

app.router.add_get('/protected', protected_handler)

if __name__ == '__main__':
    web.run_app(app)

client.py

import asyncio

import aiohttp
import async_timeout


async def fetch(session, url, headers=None):
    async with async_timeout.timeout(10):
        async with session.get(url, headers=headers) as response:
            return await response.json()


async def main():
    async with aiohttp.ClientSession() as session:
        response = await fetch(
            session,
            'http://localhost:8080/protected',
            headers={'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6InRlc3QifQ.pyNsXX_vNsUvdt6xu13F1Gs1zGELT4Va8a38eG5svBA'})
        print(response)

loop = asyncio.get_event_loop()
loop.run_until_complete(main())

Examples

• Basic Example
• Permissions control

Credits

This module inspired by official auth0/express-jwt middleware and express-jwt-permissions extension.

Related packages

For advanced security facilities check aio-libs/aiohttp_security

License

MIT License