%global _empty_manifest_terminate_build 0 Name: python-aad-token-verify Version: 0.2.0 Release: 1 Summary: A python utility library to verify an Azure Active Directory OAuth token License: MIT URL: https://github.com/GeneralMills/azure-ad-token-verify Source0: https://mirrors.aliyun.com/pypi/web/packages/55/44/bfb8208cdc163da2deb00921231e089a9136c4bdc693f2417a0010ce4663/aad-token-verify-0.2.0.tar.gz BuildArch: noarch Requires: python3-requests Requires: python3-PyJWT Requires: python3-cryptography Requires: python3-cachetools %description [![Tests](https://github.com/GeneralMills/azure-ad-token-verify/workflows/Test%20and%20Analysis/badge.svg)](https://github.com/GeneralMills/azure-ad-token-verify/actions) [![PyPi](https://img.shields.io/pypi/pyversions/aad-token-verify.svg)](https://pypi.python.org/pypi/aad-token-verify) # aad-token-verify A python utility library to verify an Azure Active Directory OAuth token. Meant for resource servers serving secured API endpoints (eg FastAPI) ## Install ```bash python3 -m pip install aad-token-verify ``` ## Usage To use stand alone, simply import the verify payload function and call. ```python from aad_token_verify import get_verified_payload token_verifier = get_verified_payload(token, tenant_id="YOUR_TENANT_ID", audience_uris=["AUDIENCE_URI"]) ``` To use with FastAPI, there's some setup to get the Swagger docs to work ```python from fastapi import Depends, FastAPI from fastapi.openapi.models import OAuthFlowImplicit, OAuthFlows from fastapi.middleware.cors import CORSMiddleware from fastapi.security import OAuth2 from aad_token_verify import get_verified_payload # TODO Update these with your Tenant ID, Audience URI, and Client ID _TENANT_ID = "ISSUER_TENANT_ID" _AUDIENCE_URI = "https://YOUR_AUDIENCE_URI" _AAD_CLIENT_ID = "CLIENT_ID" oauth2_scheme = OAuth2( flows=OAuthFlows( implicit=OAuthFlowImplicit( authorizationUrl=f"https://login.microsoftonline.com/{_TENANT_ID}/oauth2/v2.0/authorize", scopes={ f"{_AUDIENCE_URI}/.default": "Custom Audience URI scope", "openid": "OpenID scope", "profile": "Profile scope", "email": "email scope", }, ) ) ) async def get_current_user( auth_header: str = Depends(oauth2_scheme), # noqa: B008 ): scheme, _, token = auth_header.partition(" ") return get_verified_payload( token, tenantId=_TENANT_ID, audience_uris=[_AUDIENCE_URI], ) app = FastAPI() app.add_middleware( CORSMiddleware, allow_origins=["*"], allow_credentials=True, allow_methods=["*"], allow_headers=["*"], ) app.swagger_ui_init_oauth = { "usePkceWithAuthorizationCodeGrant": True, "clientId": _AAD_CLIENT_ID, "scopes": [f"{_AUDIENCE_URI}.default"], } @app.get("/") async def secured_endpoint(user=Depends(get_current_user)): return user ``` ## Contributing Feel free to submit issues and pull requests! %package -n python3-aad-token-verify Summary: A python utility library to verify an Azure Active Directory OAuth token Provides: python-aad-token-verify BuildRequires: python3-devel BuildRequires: python3-setuptools BuildRequires: python3-pip %description -n python3-aad-token-verify [![Tests](https://github.com/GeneralMills/azure-ad-token-verify/workflows/Test%20and%20Analysis/badge.svg)](https://github.com/GeneralMills/azure-ad-token-verify/actions) [![PyPi](https://img.shields.io/pypi/pyversions/aad-token-verify.svg)](https://pypi.python.org/pypi/aad-token-verify) # aad-token-verify A python utility library to verify an Azure Active Directory OAuth token. Meant for resource servers serving secured API endpoints (eg FastAPI) ## Install ```bash python3 -m pip install aad-token-verify ``` ## Usage To use stand alone, simply import the verify payload function and call. ```python from aad_token_verify import get_verified_payload token_verifier = get_verified_payload(token, tenant_id="YOUR_TENANT_ID", audience_uris=["AUDIENCE_URI"]) ``` To use with FastAPI, there's some setup to get the Swagger docs to work ```python from fastapi import Depends, FastAPI from fastapi.openapi.models import OAuthFlowImplicit, OAuthFlows from fastapi.middleware.cors import CORSMiddleware from fastapi.security import OAuth2 from aad_token_verify import get_verified_payload # TODO Update these with your Tenant ID, Audience URI, and Client ID _TENANT_ID = "ISSUER_TENANT_ID" _AUDIENCE_URI = "https://YOUR_AUDIENCE_URI" _AAD_CLIENT_ID = "CLIENT_ID" oauth2_scheme = OAuth2( flows=OAuthFlows( implicit=OAuthFlowImplicit( authorizationUrl=f"https://login.microsoftonline.com/{_TENANT_ID}/oauth2/v2.0/authorize", scopes={ f"{_AUDIENCE_URI}/.default": "Custom Audience URI scope", "openid": "OpenID scope", "profile": "Profile scope", "email": "email scope", }, ) ) ) async def get_current_user( auth_header: str = Depends(oauth2_scheme), # noqa: B008 ): scheme, _, token = auth_header.partition(" ") return get_verified_payload( token, tenantId=_TENANT_ID, audience_uris=[_AUDIENCE_URI], ) app = FastAPI() app.add_middleware( CORSMiddleware, allow_origins=["*"], allow_credentials=True, allow_methods=["*"], allow_headers=["*"], ) app.swagger_ui_init_oauth = { "usePkceWithAuthorizationCodeGrant": True, "clientId": _AAD_CLIENT_ID, "scopes": [f"{_AUDIENCE_URI}.default"], } @app.get("/") async def secured_endpoint(user=Depends(get_current_user)): return user ``` ## Contributing Feel free to submit issues and pull requests! %package help Summary: Development documents and examples for aad-token-verify Provides: python3-aad-token-verify-doc %description help [![Tests](https://github.com/GeneralMills/azure-ad-token-verify/workflows/Test%20and%20Analysis/badge.svg)](https://github.com/GeneralMills/azure-ad-token-verify/actions) [![PyPi](https://img.shields.io/pypi/pyversions/aad-token-verify.svg)](https://pypi.python.org/pypi/aad-token-verify) # aad-token-verify A python utility library to verify an Azure Active Directory OAuth token. Meant for resource servers serving secured API endpoints (eg FastAPI) ## Install ```bash python3 -m pip install aad-token-verify ``` ## Usage To use stand alone, simply import the verify payload function and call. ```python from aad_token_verify import get_verified_payload token_verifier = get_verified_payload(token, tenant_id="YOUR_TENANT_ID", audience_uris=["AUDIENCE_URI"]) ``` To use with FastAPI, there's some setup to get the Swagger docs to work ```python from fastapi import Depends, FastAPI from fastapi.openapi.models import OAuthFlowImplicit, OAuthFlows from fastapi.middleware.cors import CORSMiddleware from fastapi.security import OAuth2 from aad_token_verify import get_verified_payload # TODO Update these with your Tenant ID, Audience URI, and Client ID _TENANT_ID = "ISSUER_TENANT_ID" _AUDIENCE_URI = "https://YOUR_AUDIENCE_URI" _AAD_CLIENT_ID = "CLIENT_ID" oauth2_scheme = OAuth2( flows=OAuthFlows( implicit=OAuthFlowImplicit( authorizationUrl=f"https://login.microsoftonline.com/{_TENANT_ID}/oauth2/v2.0/authorize", scopes={ f"{_AUDIENCE_URI}/.default": "Custom Audience URI scope", "openid": "OpenID scope", "profile": "Profile scope", "email": "email scope", }, ) ) ) async def get_current_user( auth_header: str = Depends(oauth2_scheme), # noqa: B008 ): scheme, _, token = auth_header.partition(" ") return get_verified_payload( token, tenantId=_TENANT_ID, audience_uris=[_AUDIENCE_URI], ) app = FastAPI() app.add_middleware( CORSMiddleware, allow_origins=["*"], allow_credentials=True, allow_methods=["*"], allow_headers=["*"], ) app.swagger_ui_init_oauth = { "usePkceWithAuthorizationCodeGrant": True, "clientId": _AAD_CLIENT_ID, "scopes": [f"{_AUDIENCE_URI}.default"], } @app.get("/") async def secured_endpoint(user=Depends(get_current_user)): return user ``` ## Contributing Feel free to submit issues and pull requests! %prep %autosetup -n aad-token-verify-0.2.0 %build %py3_build %install %py3_install install -d -m755 %{buildroot}/%{_pkgdocdir} if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi pushd %{buildroot} if [ -d usr/lib ]; then find usr/lib -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/lib64 ]; then find usr/lib64 -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/bin ]; then find usr/bin -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/sbin ]; then find usr/sbin -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi touch doclist.lst if [ -d usr/share/man ]; then find usr/share/man -type f -printf "\"/%h/%f.gz\"\n" >> doclist.lst fi popd mv %{buildroot}/filelist.lst . mv %{buildroot}/doclist.lst . %files -n python3-aad-token-verify -f filelist.lst %dir %{python3_sitelib}/* %files help -f doclist.lst %{_docdir}/* %changelog * Thu Jun 08 2023 Python_Bot - 0.2.0-1 - Package Spec generated