codebeat badge <https://codebeat.co/projects/bitbucket-org-atlassian-atlassian-jwt-py/ratings>__
JSON Web Token <https://jwt.io/>__ (JWT) authentication and encoding
library for Python 2 and 3. Extends
pyjwt <https://github.com/jpadilla/pyjwt>__ to include Atlassian
Connect’s custom query string hash <https://developer.atlassian.com/blog/2015/01/understanding-jwt/>__
(qsh) claim.
This package is on pypi <https://pypi.python.org/pypi/atlassian-jwt>__
so you can use pip to install it
::
pip install atlassian-jwt
This package makes references to Atlassian Connect’s tenant information data structure <https://developer.atlassian.com/static/connect/docs/latest/modules/lifecycle.html>__.
Specfically the clientKey and sharedSecret fields are used when
encoding a JWT token. Here is an example of the complete tenant
information data structure as is passed to a Connect Addon with the
installed lifecycle callback.
::
{ "key": "installed-addon-key", "clientKey": "unique-client-identifier", "publicKey": "MIGf....ZRWzwIDAQAB", "sharedSecret": "a-secret-key-not-to-be-lost", "serverVersion": "server-version", "pluginsVersion": "version-of-connect", "baseUrl": "http://example.atlassian.net", "productType": "jira", "description": "Atlassian JIRA at https://example.atlassian.net", "serviceEntitlementNumber": "SEN-number", "eventType": "installed" }
Where
This package provides an abstract base class that can be subclassed to provide authentication to an Atlassian Connect Addon. Here is an example of that use
::
import atlassian_jwt
class MyAddon(atlassian_jwt.Authenticator): def init(self, tenant_info_store): super(MyAddon, self).init() self.tenant_info_store = tenant_info_store
def get_shared_secret(self, client_key):
tenant_info = self.tenant_info_store.get(client_key)
return tenant_info['sharedSecret']
my_auth = MyAddon(tenant_info_store) try: client_key, claims = my_auth.authenticate(http_method, url, headers) # authentication succeeded except atlassian_jwt.DecodeError: # authentication failed pass
Atlassian Connect Addon can make API calls back to the host application.
These API calls include a JWT token for authentication. This package
provides an encode_token function to do this work. Here is an
example of its use
::
import atlassian_jwt
token = atlassian_jwt.encode_token(http_method, url, **tenant_info) headers = {'Authorization': 'JWT {}'.format(token)}
Understanding JWT for Atlassian Connect <https://developer.atlassian.com/blog/2015/01/understanding-jwt/>__Understanding JWT <https://developer.atlassian.com/static/connect/docs/latest/concepts/understanding-jwt.html>__Creating a query string hash <https://developer.atlassian.com/static/connect/docs/latest/concepts/understanding-jwt.html#qsh>__::
pip3.8 install -e . && pip3.8 install -r requirements.txt && python3.8 -m pytest
FAQs
JSON web token: pyjwt plus Atlassian query-string-hash claim
We found that atlassian-jwt demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.