xia_token_flask.token.FlaskToken

class xia_token_flask.token.FlaskToken

Bases: object

JWT management

The workflow is quite straightforward:
  • Use the access token when it is available

  • When the access token is not available, use the refresh token to get a new access token

  • When the refresh token is not there, redirect to the authentication process

JWT keys:
  • Keys need to be rotated, so the key is a list

  • Encode with the first key

  • Decode with any one of the keys in the list

Token types:
  • Access Token: contains the user information and user ACL; has a short expiration time

  • Refresh Token: allows generating an access token; has a long expiration time but a narrow scope

  • Refresh Signal: a sign that a refresh token might exist

__init__()

Methods

__init__()

active_root_header_token(resp)

generate_access_token(user_id, user_acl, ...)

Generate an Access Token:

generate_confirm_token(user_id, token_info)

Generate a confirmation token:

generate_login_token(user_id, hashed_passwd, ...)

Generate a password reset Token:

generate_refresh_signal(user_id, token_info)

Generate a refresh Signal:

generate_refresh_token(user_id, token_info)

Generate a refresh Token:

get_app_header_token([header_token])

get_origin_fqdn()

get_root_domain()

get_root_header_token([header_token])

parse_access_token([access_token])

Get information of access token

parse_confirm_token(confirm_token)

Parse the information of a confirmation token

parse_login_token(login_token)

Parse the information of a password reset token

parse_refresh_signal([refresh_signal])

Parse the information of a refresh Signal

parse_refresh_token([refresh_token])

Get the information of refresh token

parse_token(token)

Parse token and get payload

remove_all_tokens(resp)

remove_app_header_token(resp)

remove_root_header_token(resp)

set_access_token(resp, user_id, user_acl, ...)

Set Access Token:

set_app_header_token(resp, app_name, ...)

set_refresh_token(resp, user_id, token_info)

Set Refresh Token and Refresh Signal

set_root_header_token(resp, user_info)

Set Root Header token

Attributes

ACCESS_TOKEN_LIFETIME

Lifetime of access token

ACCESS_TOKEN_NAME

Access token name

ACCESS_TOKEN_PATH

Refresh Token Cookie Path should be bound to.

APP_HEADER_TOKEN_NAME

App Menu Token

CONFIRM_TOKEN_LIFETIME

Lifetime of confirmation token

CONFIRM_TOKEN_NAME

Confirm token name

ISSUER_ID

Name of Issuer

LOGIN_TOKEN_LIFETIME

Lifetime of login token

LOGIN_TOKEN_NAME

Password reset token

REFRESH_SIGNAL_NAME

Refresh signal token name

REFRESH_TOKEN_LIFETIME

Lifetime of refresh token

REFRESH_TOKEN_NAME

Refresh token name

REFRESH_TOKEN_PATH

Refresh Token Cookie Path should be bound to.

ROOT_HEADER_TOKEN_NAME

Root Menu Token

keys

keys to be used to encrypt token

ACCESS_TOKEN_LIFETIME = 3600

Lifetime of access token

ACCESS_TOKEN_NAME = 'xia_access_token'

Access token name

ACCESS_TOKEN_PATH = '/'

Refresh Token Cookie Path should be bound to. Change the default value to enforce security

APP_HEADER_TOKEN_NAME = 'xia_app_header_token'

App Menu Token

CONFIRM_TOKEN_LIFETIME = 86400

Lifetime of confirmation token

CONFIRM_TOKEN_NAME = 'xia_confirm_token'

Confirm token name

ISSUER_ID = 'xia_token'

Name of Issuer

LOGIN_TOKEN_LIFETIME = 3600

Lifetime of login token

LOGIN_TOKEN_NAME = 'xia_password_reset_token'

Password reset token

REFRESH_SIGNAL_NAME = 'xia_refresh_signal'

Refresh signal token name

REFRESH_TOKEN_LIFETIME = 67108864

Lifetime of refresh token

REFRESH_TOKEN_NAME = 'xia_refresh_token'

Refresh token name

REFRESH_TOKEN_PATH = '/'

Refresh Token Cookie Path should be bound to. Change the default value to enforce security

ROOT_HEADER_TOKEN_NAME = 'xia_root_header_token'

Root Menu Token

classmethod generate_access_token(user_id: str, user_acl: Acl, user_profile: dict, token_info: dict)

Generate an Access Token:

Parameters
  • user_id (str) – token user id

  • user_acl (Acl) – User ACL

  • user_profile (dict) – attached user profile (permission + profile)

  • token_info (dict) – token related information

classmethod generate_confirm_token(user_id: str, token_info: dict)

Generate a confirmation token:

Parameters
  • user_id (str) – token user id

  • token_info (dict) – token related information

classmethod generate_login_token(user_id: str, hashed_passwd: str, token_info: dict)

Generate a password reset Token:

Parameters
  • user_id (str) – token user id

  • hashed_passwd (str) – sha256 of hashed password (hash on hash)

  • token_info (dict) – token related information

classmethod generate_refresh_signal(user_id: str, token_info: dict)

Generate a refresh Signal:

Parameters
  • user_id (str) – token user id

  • token_info (dict) – token related information

classmethod generate_refresh_token(user_id: str, token_info: dict)

Generate a refresh Token:

Parameters
  • user_id (str) – token user id

  • token_info (dict) – token related information

keys = []

keys to be used to encrypt token

classmethod parse_access_token(access_token: Optional[str] = None)

Get information of access token

Parameters

access_token (str) – Access Token

Returns
  • arg0 (str) – Username

  • arg1 (list) – User ACL, example: [[domain/, read], [user/, *]]

  • arg2 (dict) – User profile

  • arg3 (dict) – Token related information

Notes

Expires in the cookie after 15 minutes, but after 20 minutes in the payload.

classmethod parse_confirm_token(confirm_token: str)

Parse the information of a confirmation token

Parameters

confirm_token (str) – Refresh Signal

Returns
  • arg1 (str) – Username

  • arg2 (dict) – Token information

Notes

Expires in the cookie after 15 minutes, but after 20 minutes in the payload.

classmethod parse_login_token(login_token: str)

Parse the information of a password reset token

Parameters

login_token (str) – Refresh Signal

Returns
  • arg1 (str) – Username

  • arg1 (str) – Hashed Password

  • arg3 (dict) – Token information

Notes

Expires in the cookie after 15 minutes, but after 20 minutes in the payload.

classmethod parse_refresh_signal(refresh_signal: Optional[str] = None)

Parse the information of a refresh Signal

Parameters

refresh_signal (str) – Refresh Signal

Returns
  • arg1 (str) – Username

  • arg2 (dict) – Token information

classmethod parse_refresh_token(refresh_token: Optional[str] = None)

Get the information of refresh token

Parameters

refresh_token (str) – Refresh Token

Returns
  • arg1 (str) – Username

  • arg2 (dict) – Token information

classmethod parse_token(token: str)

Parse token and get payload

Parameters

token – token contents

Returns

token payload or {} if Token is wrong
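
The key-list rule and the access/refresh/redirect workflow from the class description, together with parse_token's "{} if Token is wrong" contract, as an added example that is not xia_token_flask's own code. It assumes HS256 and uses only the Python standard library; the function names, the cookie keys "access" and "refresh", and the "token_type" claim are assumptions of this example, not the library's API.

```python
import base64, hashlib, hmac, json, time

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key: str, signed: bytes) -> bytes:
    return hmac.new(key.encode(), signed, hashlib.sha256).digest()

def encode(payload: dict, keys: list) -> str:
    """Sign with keys[0] only: the newest key in the rotation list."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(payload).encode())
    sig = _b64(_sign(keys[0], f"{head}.{body}".encode()))
    return f"{head}.{body}.{sig}"

def parse(token: str, keys: list, token_type: str, now=None) -> dict:
    """Return the payload, or {} for a malformed, forged, stale or mistyped token."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm; never let the token header choose it.
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return {}
        signed, given = f"{head}.{body}".encode(), _unb64(sig)
        # Accept a signature from any key still in the list (constant-time compare).
        if not any(hmac.compare_digest(_sign(k, signed), given) for k in keys):
            return {}
        payload = json.loads(_unb64(body))
        # "token_type" is this example's own claim: a refresh token must not
        # be accepted where an access token is expected.
        if payload.get("token_type") != token_type or payload["exp"] <= now:
            return {}
        return payload
    except (ValueError, TypeError, KeyError, AttributeError):
        return {}

def authenticate(cookies: dict, keys: list, now: float):
    """Access token first, then refresh, otherwise send the user to log in."""
    access = parse(cookies.get("access", ""), keys, "access", now)
    if access:
        return "access", access.get("sub"), None
    refresh = parse(cookies.get("refresh", ""), keys, "refresh", now)
    if refresh:  # mint a new access token, signed with the current first key
        fresh = {"sub": refresh.get("sub"), "token_type": "access", "exp": now + 3600}
        return "refreshed", refresh.get("sub"), encode(fresh, keys)
    return "redirect", None, None
```

Removing a key from the list invalidates every token signed with it, so a retired key should stay in the list at least as long as the longest token lifetime still in circulation.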

classmethod set_access_token(resp: Response, user_id: str, user_acl: Acl, user_profile: dict, token_info: dict)

Set Access Token:

Parameters
  • resp (Response) – An HTTP response to which the cookies should be attached

  • user_id (str) – token user id

  • user_acl (Acl) – User ACL

  • user_profile (dict) – attached user profile (permission + profile)

  • token_info (dict) – token related information

classmethod set_refresh_token(resp: Response, user_id: str, token_info: dict)

Set Refresh Token and Refresh Signal

Parameters
  • resp (Response) – An HTTP response to which the cookies should be attached

  • user_id (str) – token user id

  • token_info (dict) – token related information

classmethod set_root_header_token(resp: Response, user_info: dict)

Set Root Header token

Parameters
  • resp

  • user_info