jhildreth / falcon-jwt-checker

MIT License
12 stars 5 forks source link

falcon-jwt-checker

falcon-jwt-checker is a middleware for the Falcon Python web framework. It checks all requests (except those to specified exempt routes or using a specified exempt method) for a valid jwt, rejecting those that do not have one present. It uses PyJwt to perform jwt validation.

falcon-jwt-checker merely checks for valid jwts on requests, it does not deal with issuing tokens at all. This is because I view that as a separate concern entirely, for which there are a number of possible strategies.

Installation

pip install falcon-jwt-checker

Usage

import falcon
from falcon_jwt_checker import JwtChecker

jwt_checker = JwtChecker(
    secret='secret_here', # May be a public key
    algorithm='HS256',
    exempt_routes=['/auth'], # Routes listed here will not require a jwt
    exempt_methods=['OPTIONS'], # HTTP request methods listed here will not require a jwt
    audience='api.example.com',
    leeway=30
)

app = falcon.API(middleware=[jwt_checker])

...

In responder methods, add a parameter argument for the keyword argument 'jwt_claims', e.g. **params, which is added after processing the token for endpoints that are authenticated.

class StatusResource(object):
    def on_get(self, req, resp, **params):

Tests

pytest falcon_jwt_checker

License

MIT