atlassian-jwt-auth

v18.0.1

Python implementation of the Atlassian Service to Service Authentication specification. For more information about how to use this package see README

Latest version published 3 months ago

License: MIT

PyPI

GitHub

Package Health Score

71 / 100

security
No known security issues
popularity
Recognized
maintenance
Healthy
community
Limited

Popularity

Recognized

GitHub Stars: 21
Forks: 22
Contributors: 20

Direct Usage Popularity

Based on project statistics from the GitHub repository for the PyPI package atlassian-jwt-auth, we found that it has been starred 21 times.

Security

No known security issues

Security and license risk for latest version

Release Date: Jan 8, 2024
Direct Vulnerabilities: 0
C
0
H
0
M
0
L
Indirect Vulnerabilities: 0
C
0
H
0
M
0
L
License Risk: 0
H
2
M
0
L

All security vulnerabilities belong to production dependencies of direct and indirect packages.

License

MIT

Security Policy

We found a way for you to contribute to the project! Looks like atlassian-jwt-auth is missing a security policy.

You can connect your project's repository to Snyk to stay up to date on security alerts and receive automatic fix pull requests.

Keep your project free of vulnerabilities with Snyk

Maintenance

Healthy

Commit Frequency

Open Issues: 3
Open PR: 4
Last Release: 3 months ago
Last Commit: 3 months ago

Further analysis of the maintenance status of atlassian-jwt-auth based on released PyPI versions cadence, the repository activity, and other data points determined that its maintenance is Healthy.

We found that atlassian-jwt-auth demonstrates a positive version release cadence with at least one new version released in the past 12 months.

In the past month we didn't find any pull request activity or change in issues status has been detected for the GitHub repository.

Community

Limited

Readme: Yes
Contributing.md: No
Code of Conduct: No
Contributors: 20
Funding: No

With more than 10 contributors for the atlassian-jwt-auth repository, this is possibly a sign for a growing and inviting community.

We found a way for you to contribute to the project! Looks like atlassian-jwt-auth is missing a Code of Conduct.

Embed Package Health Score Badge

Keep your project healthy

Check your requirements.txt

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Python Versions Compatibility: ==3.10.*, ==3.11.*, ==3.8.*, ==3.9.*

Age: 9 years
Latest Release: 3 months ago
Dependencies: 3 Direct / 9 Total
Versions: 75
Maintainers: 3
Wheels: OS Independent

Readme

Atlassian JWT authentication

This package provides an implementation of the Service to Service Authentication specification.

Installation

To install simply run

$ pip install atlassian-jwt-auth

Using this library

To create a JWT for authentication

import atlassian_jwt_auth


signer = atlassian_jwt_auth.create_signer('issuer', 'issuer/key', private_key_pem)
a_jwt = signer.generate_jwt('audience')

To create a JWT using a file on disk in the conventional location

Each time you call generate_jwt this will find the latest active key file (ends with .pem) and use it to generate your JWT.

import atlassian_jwt_auth


signer = atlassian_jwt_auth.create_signer_from_file_private_key_repository('issuer', '/opt/jwtprivatekeys')
a_jwt = signer.generate_jwt('audience')

To create a JWT using a data uri

import atlassian_jwt_auth
from atlassian_jwt_auth.key import DataUriPrivateKeyRetriever

key_id, private_key_pem = DataUriPrivateKeyRetriever('Your base64 encoded data uri').load('issuer')
signer = atlassian_jwt_auth.create_signer('issuer', 'issuer/key', private_key_pem)
a_jwt = signer.generate_jwt('audience')

To make an authenticated HTTP request

If you use the atlassian_jwt_auth.contrib.requests.JWTAuth provider, you can automatically generate JWT tokens when using the requests library to perform authenticated HTTP requests.

import atlassian_jwt_auth
from atlassian_jwt_auth.contrib.requests import JWTAuth

signer = atlassian_jwt_auth.create_signer('issuer', 'issuer/key', private_key_pem)
response = requests.get(
    'https://your-url',
    auth=JWTAuth(signer, 'audience')
)

One can also use atlassian_jwt_auth.contrib.aiohttp.JWTAuth to authenticate aiohttp requests:

import aiohttp

import atlassian_jwt_auth
from atlassian_jwt_auth.contrib.aiohttp import JWTAuth

signer = atlassian_jwt_auth.create_signer('issuer', 'issuer/key', private_key_pem)

async with aiohttp.ClientSession() as session:
    async with session.get('https://your-url',
                           auth=JWTAuth(signer, 'audience')) as resp:
        ...

If you want to reuse tokens that have the same claim within their period of validity then pass through reuse_jwts=True when calling create_signer. For example:

import atlassian_jwt_auth
from atlassian_jwt_auth.contrib.requests import JWTAuth

signer = atlassian_jwt_auth.create_signer('issuer', 'issuer/key', private_key_pem, reuse_jwts=True)
response = requests.get(
    'https://your-url',
    auth=JWTAuth(signer, 'audience')
)

To verify a JWT

import atlassian_jwt_auth

public_key_retriever = atlassian_jwt_auth.HTTPSPublicKeyRetriever('https://example.com')
verifier = atlassian_jwt_auth.JWTAuthVerifier(public_key_retriever)
verified_claims = verifier.verify_jwt(a_jwt, 'audience')

For Python versions starting from Python 3.5, note this library no longer supports python 3.5, atlassian_jwt_auth.contrib.aiohttp provides drop-in replacements for the components that perform HTTP requests, so that they use aiohttp instead of requests:

import atlassian_jwt_auth.contrib.aiohttp

public_key_retriever = atlassian_jwt_auth.contrib.aiohttp.HTTPSPublicKeyRetriever('https://example.com')
verifier = atlassian_jwt_auth.contrib.aiohttp.JWTAuthVerifier(public_key_retriever)
verified_claims = await verifier.verify_jwt(a_jwt, 'audience')

atlassian-jwt-auth dependencies

cachecontrol pyjwt requests

FAQs

What is atlassian-jwt-auth?

Python implementation of the Atlassian Service to Service Authentication specification. Visit Snyk Advisor to see a full health score report for atlassian-jwt-auth, including popularity, security, maintenance & community analysis.

Is atlassian-jwt-auth popular?

The python package atlassian-jwt-auth receives a total of 55,476 weekly downloads. As such, atlassian-jwt-auth popularity was classified as a recognized. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is atlassian-jwt-auth well maintained?

We found that atlassian-jwt-auth demonstrated a healthy version release cadence and project activity. It has a community of 20 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is atlassian-jwt-auth safe to use?

The python package atlassian-jwt-auth was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 19 April-2024, at 11:20 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP