Skip to content

Auth - manager

This module provides functionality for handling JSON Web Tokens (JWT) for authentication and authorization. It defines the structure and methods required to encode and decode JWTs, as well as manage the claims associated with the tokens.

BaseJWTManager

Bases: ABC

Abstract base class for managing JSON Web Tokens (JWT). This class defines the interface for encoding and decoding JWT (RFC7519).

Info

대부분의 경우 해당 클래스의 하위 구현체를 직접 사용할 필요는 거의 없습니다.

encode abstractmethod 

encode(claims, secret_key, algorithm)

Encodes the specified claims into a JSON Web Token (JWT).

PARAMETER DESCRIPTION
claims

A dictionary containing the claims to be included in the JWT.

TYPE: dict

secret_key

The secret key used to sign the JWT.

TYPE: str | bytes

algorithm

The signing algorithm to be used for the JWT.

TYPE: str

RETURNS DESCRIPTION
str

A string representation of the encoded JWT.

TYPE: str

RAISES DESCRIPTION
NotImplementedError

If this method is not implemented in a subclass.
Source code in webtool/auth/manager.py 
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
@abstractmethod
def encode(
    self,
    claims: dict,
    secret_key: str | bytes,
    algorithm: str,
) -> str:
    """
    Encodes the specified claims into a JSON Web Token (JWT).

    Parameters:
        claims: A dictionary containing the claims to be included in the JWT.
        secret_key: The secret key used to sign the JWT.
        algorithm: The signing algorithm to be used for the JWT.

    Returns:
        str: A string representation of the encoded JWT.

    Raises:
         NotImplementedError: If this method is not implemented in a subclass.
    """

    raise NotImplementedError

decode abstractmethod 

decode(token, secret_key, algorithm, at_hash=None)

Decodes a JSON Web Token (JWT) and validates its claims.

PARAMETER DESCRIPTION
token

The JWT string to be decoded.

TYPE: str

secret_key

The secret key used to validate the JWT signature.

TYPE: str | bytes

algorithm

The signing algorithm used to verify the JWT,

TYPE: str

at_hash

Optional parameter for additional handling of access tokens.

TYPE: Optional[str] DEFAULT: None

RETURNS DESCRIPTION
dicy

A dictionary containing the claims if the token is valid, or None if the token is invalid or expired.

TYPE: dict | None

RAISES DESCRIPTION
NotImplementedError

If this method is not implemented in a subclass.
Source code in webtool/auth/manager.py 
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
@abstractmethod
def decode(
    self,
    token: str,
    secret_key: str | bytes,
    algorithm: str,
    at_hash: Optional[str] = None,
) -> dict | None:
    """
    Decodes a JSON Web Token (JWT) and validates its claims.

    Parameters:
        token: The JWT string to be decoded.
        secret_key: The secret key used to validate the JWT signature.
        algorithm: The signing algorithm used to verify the JWT,
        at_hash: Optional parameter for additional handling of access tokens.

    Returns:
        dicy: A dictionary containing the claims if the token is valid, or None if the token is invalid or expired.

    Raises:
         NotImplementedError: If this method is not implemented in a subclass.
    """

    raise NotImplementedError

JWTManager 

JWTManager(options=None)

Bases: BaseJWTManager

JWT manager for encoding and decoding JSON Web Tokens.

Source code in webtool/auth/manager.py 
72
73
def __init__(self, options: dict[str, bool | list[str]] | None = None):
    self.jwt = pyjwt.PyJWT(options or self._get_default_options())

jwt instance-attribute 

jwt = PyJWT(options or _get_default_options())

encode 

encode(claims, secret_key, algorithm)

Encodes the specified claims into a JSON Web Token (JWT) with a specified expiration time.

PARAMETER DESCRIPTION
claims

A dictionary containing the claims to be included in the JWT.

TYPE: dict

secret_key

The secret key used to sign the JWT.

TYPE: str | bytes

algorithm

The signing algorithm to use for the JWT, defaults to 'ES384'.

TYPE: str

RETURNS DESCRIPTION
str

Json Web Token (JWT).

TYPE: str

Source code in webtool/auth/manager.py 
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
def encode(
    self,
    claims: dict,
    secret_key: str | bytes,
    algorithm: str,
) -> str:
    """
    Encodes the specified claims into a JSON Web Token (JWT) with a specified expiration time.

    Parameters:
        claims: A dictionary containing the claims to be included in the JWT.
        secret_key: The secret key used to sign the JWT.
        algorithm: The signing algorithm to use for the JWT, defaults to 'ES384'.

    Returns:
        str: Json Web Token (JWT).
    """

    return self.jwt.encode(claims, secret_key, algorithm)

decode 

decode(
    token,
    secret_key,
    algorithm,
    at_hash=None,
    raise_error=False,
    options=None,
)

Decodes a JSON Web Token (JWT) and returns the claims if valid.

PARAMETER DESCRIPTION
token

The JWT string to be decoded.

TYPE: str

secret_key

The secret key used to validate the JWT signature.

TYPE: str | bytes

algorithm

The signing algorithm used for verification JWT, defaults to 'ES384'.

TYPE: str

at_hash

Optional parameter for additional handling of access tokens.

TYPE: Optional[str] DEFAULT: None

raise_error

Optional parameter for additional handling of error messages.

TYPE: bool DEFAULT: False

options

Optional parameters for additional handling of additional errors.

TYPE: dict[str, bool | list[str]] | None DEFAULT: None

RETURNS DESCRIPTION
dict

A dictionary containing the claims if the token is valid, or None if the token is invalid or expired.

TYPE: dict | None

Source code in webtool/auth/manager.py 
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
def decode(
    self,
    token: str,
    secret_key: str | bytes,
    algorithm: str,
    at_hash: Optional[str] = None,
    raise_error: bool = False,
    options: dict[str, bool | list[str]] | None = None,
) -> dict | None:
    """
    Decodes a JSON Web Token (JWT) and returns the claims if valid.

    Parameters:
        token: The JWT string to be decoded.
        secret_key: The secret key used to validate the JWT signature.
        algorithm: The signing algorithm used for verification JWT, defaults to 'ES384'.
        at_hash: Optional parameter for additional handling of access tokens.
        raise_error: Optional parameter for additional handling of error messages.
        options: Optional parameters for additional handling of additional errors.

    Returns:
        dict: A dictionary containing the claims if the token is valid, or None if the token is invalid or expired.
    """

    try:
        res = self.jwt.decode(token, secret_key, algorithms=[algorithm], options=options)

        if at_hash and res.get("at_hash") != at_hash:
            raise ValueError("Invalid token")

        return res

    except pyjwt.InvalidTokenError as e:
        if raise_error:
            raise e
        else:
            return None
    except ValueError as e:
        if raise_error:
            raise e
        else:
            return None