Metadata-Version: 2.1
Name: py-jwt-validator
Version: 0.4.0b0
Summary: Python JWT Signature Validator - Asymetric Keys - From exponent and modulus
Home-page: https://github.com/adrianlazar-personal/py-jwt-validator
Author: Adrian Lazar
Author-email: adrian.lazar95@outlook.com
License: UNKNOWN
Platform: UNKNOWN
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Description-Content-Type: text/markdown

# py-jwt-validator

JWT Signature Validator, for JWT signed with Asymmetric Keys, public key compiled from exponent and modulus.

----------------
## Disclaimer
Currently, this package is just in beta status. More work is required until it can be considered "production ready".

----------------

## Realease notes:
Version | Release notes
------------ | -------------
0.4.0-beta | Security fix. Certificate Chain is mandatory for Okta Custom URL Domain.
0.3.0-beta | Minor release. Added support for Okta Custom URL Domain.
0.2.0-beta | Minor release. Added support for AWS Cognito JWT.
0.1.0-beta | Minor release. Increased configurability.
0.0.1-beta | First package release.

----------------

## Support IdPs:
* Okta
* AWS Cognito
* *More to come*

----------------

## Install
```
pip install py-jwt-validator
```

----------------

## Usage Guide
```
from py_jwt_validator import PyJwtValidator, PyJwtException
jwt = {access_token / id_token}
try:
    _jwt = PyJwtValidator(jwt)
except PyJwtException:
    print('Exception was catched.')
```

* The class **PyJwtValidator** currently accepts:

Attribute | Required | Default value
----------|----------|--------------
jwt | Yes | None
cid - OIDC Client ID | No | None
aud - Audience | No | None
iss - Issuer | No | None
auto_verify | No | **True**
check_expiry | No | **True**

* The class method **verify(**) currently accepts:

Attribute | Required | Default value
----------|----------|--------------
get_payload | No | **False**

----------------

## Process Chain
1. Once the class is instantiated the following checks are performed:
    * JWT Format
    * JWT Expiration time
    * JWT Claims if given when the class was instantiated.

2. After the above checks are done, it will verify the token signature with the public exponent and modulus obtained from the /keys endpoint. If the signature is valid, it will return **None**. Else, it will raise exception.

    * If a check fails at any given step, the exception **PyJwtException** will be raised.
    * The /keys endpoint will be compiled based on the 'iss' claim.
    * The response from /keys will be cached (**requests_cache**) for subsequent calls. Cache lifetime hardcoded to **24 hours**. Cache store is **sqlite**.

* If **auto_verify** is set to **False** the class will not perform the signature validation. To check the signature the **verify()** method needs to be used. By default, the method will return None. In order to return the decoded jwt payload **True** has to be passed. Example:
```
from py_jwt_validator import PyJwtValidator, PyJwtException
jwt = {access_token / id_token}
validator = PyJwtValidator(jwt, auto_verify=False)
try:
    payload = validator.verify(True)
    print(payload)
except PyJwtException:
    print('Exception was catched.')
```

----------------

### Note

The reason why this class returns **None** or exception is to provide more flexibility. Not everyone needs to return the decoded payload of the jwt. 

It is recommended to use it within **try:** **except** blocks. 

----------------
### UPCOMING IN FUTURE RELEASES

- [x] Disable auto signature verify - **auto_verify=False**
- [x] Return Payload or None - **get_payload=True**
- [x] Ommit expiry check - **check_expiry=False**
- [ ] Custom Claim validation
- [ ] Cache Control (use-case, cache-expiry)


----------------
# SUGGESTIONS?
Please feel free to email me at adrian.lazar95@outlook.com or adrian.lazar@okta.com. I am opened to improvement / suggestions and critics. 

