NXPY-215: Add support for the JSON Web Token authentication

nuxeo · Apr 8, 2021 · 8064ef0 · 8064ef0
1 parent ae2717b
commit 8064ef0
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 3 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -8,11 +8,12 @@ Release date: ``2021-0x-xx``
 
 - `NXPY-213 <https://jira.nuxeo.com/browse/NXPY-213>`__: Handle incomplete serialized HTTP error
 - `NXPY-214 <https://jira.nuxeo.com/browse/NXPY-214>`__: Add a code coverage GitHub Action on PRs
+- `NXPY-215 <https://jira.nuxeo.com/browse/NXPY-215>`__: Add support for the JSON Web Token authentication
 
 Technical changes
 -----------------
 
--
+- Added nuxeo/auth/jwt.py
 
 5.0.0
 -----

diff --git a/examples/authentication.rst b/examples/authentication.rst
@@ -13,6 +13,19 @@ Basic Authentication
     server = Nuxeo(host=host, auth=auth)
 
 
+JSON Web Token Authentication
+=============================
+
+.. code:: python
+
+    from nuxeo.auth import JWTAuth
+    from nuxeo.client import Nuxeo
+
+    host = "https://<HOST>/nuxeo/"
+    auth = JWTAuth("token")
+    server = Nuxeo(host=host, auth=auth)
+
+
 Portal SSO Authentication
 =========================
 

diff --git a/nuxeo/auth/__init__.py b/nuxeo/auth/__init__.py
@@ -1,7 +1,8 @@
 # coding: utf-8
 from __future__ import unicode_literals
 
+from .jwt import JWTAuth
 from .portal_sso import PortalSSOAuth
 from .token import TokenAuth
 
-__all__ = ("PortalSSOAuth", "TokenAuth")
+__all__ = ("JWTAuth", "PortalSSOAuth", "TokenAuth")
diff --git a/nuxeo/auth/jwt.py b/nuxeo/auth/jwt.py
@@ -0,0 +1,39 @@
+# coding: utf-8
+from __future__ import unicode_literals
+
+from ..compat import get_bytes
+from .base import AuthBase
+
+try:
+    from typing import TYPE_CHECKING
+
+    if TYPE_CHECKING:
+        from typing import Text
+        from requests import Request
+except ImportError:
+    pass
+
+
+class JWTAuth(AuthBase):
+    """ Attaches JSON Web Token Authentication to the given Request object. """
+
+    __slots__ = ("token",)
+
+    AUTHORIZATION = get_bytes("Authorization")
+
+    def __init__(self, token):
+        # type: (Text) -> None
+        self.token = token
+
+    def __eq__(self, other):
+        # type: (object) -> bool
+        return self.token == getattr(other, "token", None)
+
+    def __ne__(self, other):
+        # type: (object) -> bool
+        return not self == other
+
+    def __call__(self, r):
+        # type: (Request) -> Request
+        r.headers[self.AUTHORIZATION] = "Bearer " + self.token
+        return r
diff --git a/tests/test_auth.py b/tests/test_auth.py
@@ -4,7 +4,7 @@
 import pytest
 from requests import Request
 
-from nuxeo.auth import PortalSSOAuth, TokenAuth
+from nuxeo.auth import JWTAuth, PortalSSOAuth, TokenAuth
 from nuxeo.auth.utils import make_portal_sso_token
 from nuxeo.compat import text
 from nuxeo.exceptions import NuxeoError
@@ -13,6 +13,19 @@
 skip_logging = True
 
 
+def test_jwt():
+    auth = JWTAuth("<TOKEN>")
+    req = Request("GET", "https://httpbin.org/get", auth=auth)
+    prepared = req.prepare()
+    assert prepared.headers[auth.AUTHORIZATION] == "Bearer <TOKEN>"
+
+
+def test_jwt_equality():
+    auth1 = JWTAuth("secure secret")
+    auth2 = JWTAuth("other secret")
+    assert auth1 != auth2
+
+
 def test_make_portal_sso_token():
     timestamp = 1324572561000
     random = "qwertyuiop"