Metadata-Version: 2.1
Name: sanic_token_auth
Version: 0.2.0
Summary: A simple token-based auth plugin for Sanic
Home-page: https://github.com/saabeilin/sanic-token-auth
Author: Sergei Beilin
Author-email: saabeilin@gmail.com
License: MIT license
Keywords: sanic,authentication
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: Unix
Classifier: Operating System :: POSIX
Classifier: Operating System :: Microsoft :: Windows
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Programming Language :: Python :: Implementation :: PyPy
Classifier: Topic :: Utilities
License-File: AUTHORS.rst


Gotta get your API protected!
=============================

Token-based authentication is the most common way of protecting your APIs from unwanted folk.

Sometimes you need to do things *fast* (you know, get it to prod *yesterday*\ ) 
and you do not really have time to implement a proper authentication layer.

Okay, are you fine with a temporary solution? There's nothing more permanent than temporary, right.

If you can:


* 
  provide a simple async token verifier (say, checking it in memcached or Redis)

  or

* 
  hard-code a token in your app prototype,

  and also

* 
  sent the token in a request header

* 
  then we are ready to go.

Usage example
-------------

.. code-block:: python

   from sanic import Sanic
   from sanic.response import text

   from sanic_token_auth import SanicTokenAuth

   app = Sanic()
   auth = SanicTokenAuth(app, secret_key='utee3Quaaxohh1Oo', header='X-My-App-Auth-Token')


   @app.route("/")
   async def index(request):
       return text("Go to /protected")


   @app.route("/protected")
   @auth.auth_required
   async def protected(request):
       return text("Welcome!")


   if __name__ == "__main__":
       app.run(host="0.0.0.0", port=8000, debug=True)

And let's try it:

.. code-block:: bash

   $ curl http://localhost:8000/protected -H "X-My-App-Auth-Token: utee3Quaaxohh1Oo"

   Welcome!

If you omit the ``header`` argument, you can instead send a token in either 
``Authorization: Bearer <yourtoken>`` or ``Authorization: Token <yourtoken>`` 
header.

----

TODO:

 [ ] Document ``token_verifier`` and implement examples of using of 

 [ ] Implement "protect all" behaviour
