codebeat badge <https://codebeat.co/projects/bitbucket-org-atlassian-atlassian-jwt-py/ratings>__
JSON Web Token <https://jwt.io/>__ (JWT) authentication and encoding
library for Python 2 and 3. Extends
pyjwt <https://github.com/jpadilla/pyjwt>__ to include Atlassian
Connect’s custom query string hash <https://developer.atlassian.com/blog/2015/01/understanding-jwt/>__
(qsh) claim.
This package is on pypi <https://pypi.python.org/pypi/atlassian-jwt>__
so you can use pip to install it
::
pip install atlassian-jwt
This package makes references to Atlassian Connect’s tenant information data structure <https://developer.atlassian.com/static/connect/docs/latest/modules/lifecycle.html>__.
Specfically the clientKey and sharedSecret fields are used when
encoding a JWT token. Here is an example of the complete tenant
information data structure as is passed to a Connect Addon with the
installed lifecycle callback.
::
{ "key": "installed-addon-key", "clientKey": "unique-client-identifier", "publicKey": "MIGf....ZRWzwIDAQAB", "sharedSecret": "a-secret-key-not-to-be-lost", "serverVersion": "server-version", "pluginsVersion": "version-of-connect", "baseUrl": "http://example.atlassian.net", "productType": "jira", "description": "Atlassian JIRA at https://example.atlassian.net", "serviceEntitlementNumber": "SEN-number", "eventType": "installed" }
Where
This package provides an abstract base class that can be subclassed to provide authentication to an Atlassian Connect Addon. Here is an example of that use
::
import atlassian_jwt
class MyAddon(atlassian_jwt.Authenticator): def init(self, tenant_info_store): super(MyAddon, self).init() self.tenant_info_store = tenant_info_store
def get_shared_secret(self, client_key):
tenant_info = self.tenant_info_store.get(client_key)
return tenant_info['sharedSecret']
my_auth = MyAddon(tenant_info_store) try: client_key, claims = my_auth.authenticate(http_method, url, headers) # authentication succeeded except atlassian_jwt.DecodeError: # authentication failed pass
Atlassian Connect Addon can make API calls back to the host application.
These API calls include a JWT token for authentication. This package
provides an encode_token function to do this work. Here is an
example of its use
::
import atlassian_jwt
token = atlassian_jwt.encode_token(http_method, url, **tenant_info) headers = {'Authorization': 'JWT {}'.format(token)}
Understanding JWT for Atlassian Connect <https://developer.atlassian.com/blog/2015/01/understanding-jwt/>__Understanding JWT <https://developer.atlassian.com/static/connect/docs/latest/concepts/understanding-jwt.html>__Creating a query string hash <https://developer.atlassian.com/static/connect/docs/latest/concepts/understanding-jwt.html#qsh>__::
pip3.8 install -e . && pip3.8 install -r requirements.txt && python3.8 -m pytest
FAQs
JSON web token: pyjwt plus Atlassian query-string-hash claim
We found that atlassian-jwt demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.