https://github.com/theruziev/security_interface

Simple API for authentication and authorization.
https://github.com/theruziev/security_interface

python-3-6 python-asyncio security

Last synced: 4 days ago
JSON representation

Simple API for authentication and authorization.

• Host: GitHub
• URL: https://github.com/theruziev/security_interface
• Owner: theruziev
• License: mit
• Created: 2018-10-24T09:35:59.000Z (about 6 years ago)
• Default Branch: master
• Last Pushed: 2023-04-18T18:00:42.000Z (over 1 year ago)
• Last Synced: 2024-12-20T23:51:38.545Z (6 days ago)
• Topics: python-3-6, python-asyncio, security
• Language: Python
• Homepage: https://security-interface.rtfd.io
• Size: 347 KB
• Stars: 5
• Watchers: 2
• Forks: 1
• Open Issues: 1
• Metadata Files:
  • Readme: README.rst
  • License: LICENSE
  • Security: docs/security_interface.rst

Awesome Lists containing this project

README

        
.. image:: https://img.shields.io/travis/com/theruziev/security_interface.svg?style=flat-square

        :target: https://travis-ci.com/theruziev/security_interface

.. image:: https://img.shields.io/codecov/c/github/theruziev/security_interface.svg?style=flat-square

        :target: https://codecov.io/gh/theruziev/security_interface

.. image:: https://img.shields.io/pypi/v/security_interface.svg?style=flat-square

        :alt: PyPI

        :target: https://pypi.org/project/security-interface/

Security Interface

==================

This library provides an easy API for authentication and authorization.

Installation

------------

Install with the following command

.. code-block:: bash

    pip install security_interface

Usage

-----

First of all you need to implement ``IdentityPolicyInterface``

and ``AuthorizationPolicyInterface`` interfaces. For example, we can implement JWT Security

.. code-block:: python

   import jwt

   from security_interface import IdentityPolicyInterface, AuthorizationPolicyInterface

   class JwtIdentityPolicy(IdentityPolicyInterface):

       def __init__(self, secret, algorithm="HS256"):

           self.algorithm = algorithm

           self.secret = secret

       async def identify(self, identity):

           if jwt is None:

               raise TypeError("Please install PyJWT")

           try:

               return jwt.decode(

                   identity,

                   self.secret,

                   algorithms=[self.algorithm],

                   options={"verify_exp": True, "verify_iat": True},

               )

           except Exception as e:

               return None

   class JwtAuthPolicy(AuthorizationPolicyInterface):

       async def can(self, identity, permission):

           return permission in identity["scope"]

Create security instance with our implementation

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: python

   from security_interface.api import Security

   jwt_identity = JwtIdentityPolicy("SECRET")

   jwt_auth_policy = JwtAuthPolicy()

   security = Security(jwt_identity, jwt_auth_policy)

   # Checking claim

   security.identify(CLAIM)

   # Checking permission

   security.can(CLAIM, "read")

   security.can(CLAIM, "write")

For full implementation see `DEMO `_