Authorization request module¶
This module defines authorization helper functions using JWT.
Validate authorization.
Parameters: - request – Instance of
flask.request
. - security_settings – Python dictionary object containing security settings. Example of security object. AUTHORISATION_KEY and BYPASS_SECURITY are optional.
For example:
SECURITY = { 'AUTHORISATION_KEY': "aed9yhfapgaegaeg" 'JWT': { 'JWT_SIGNATURE_KEY': "vJmMvm44x6RJcVXNPy6UDcSfJHOHNHrT1tKpo4IQ4MU=", 'JWT_AUDIENCE': "vlbTest", 'JWT_ALGORITHM': "HS512", 'JWT_DURATION': 600 # The following is specified in seconds. } }
Currently, request is authorised if one of these 3 conditions is met:
- security_settings[“BYPASS_SECURITY”]=True and allow_security_bypass=True. In this case no security checks are made.
- authorisation_key = security_settings[“AUTHORISATION_KEY”] && authorisation_key != None.
- Requests headers contains an autorisation field with a token ‘Authorization’. JWT will validate this token.
Note
Does not check if security or request object are valid. Will crash if they are not.
- request – Instance of