JWT Auth
This module provides an example of JWT Auth.
- class callouts.python.extproc.example.jwt_auth.service_callout_example.CalloutServerExample(*args: Any, **kwargs: Any)
Bases: CalloutServer
Example callout server.
For request header callouts, the server provides a mutation that adds multiple headers based on the decoded fields (for example, ‘{decoded-name: John Doe}’) and clears the route cache if the JWT Authorization is valid. An example of a valid token is given below.
Valid Token for RS256: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTcxMjE3MzQ2MSwiZXhwIjoyMDc1NjU4MjYxfQ.Vv-Lwn1z8BbVBGm-T1EKxv6T3XKCeRlvRrRmdu8USFdZUoSBK_aThzwzM2T8hlpReYsX9YFdJ3hMfq6OZTfHvfPLXvAt7iSKa03ZoPQzU8bRGzYy8xrb0ZQfrejGfHS5iHukzA8vtI2UAJ_9wFQiY5_VGHOBv9116efslbg-_gItJ2avJb0A0yr5uUwmE336rYEwgm4DzzfnTqPt8kcJwkONUsjEH__mePrva1qDT4qtfTPQpGa35TW8n9yZqse3h1w3xyxUfJd3BlDmoz6pQp2CvZkhdQpkWA1bnwpdqSDC7bHk4tYX6K5Q19na-2ff7gkmHZHJr0G9e_vAhQiE5w
- on_request_headers(headers: envoy.service.ext_proc.v3.external_processor_pb2.HttpHeaders, context: ServicerContext) -> envoy.service.ext_proc.v3.external_processor_pb2.HeadersResponse | None
Deny token if validation fails and return an error message. See callouts.python.extproc.service.callout_tools.deny_request() for more information.
If the token is valid, apply a header mutation. See callouts.python.extproc.service.callout_tools.add_header_mutation() for more information.
See base method: callouts.python.extproc.service.callout_server.CalloutServer.on_request_headers().
- callouts.python.extproc.example.jwt_auth.service_callout_example.extract_jwt_token(request_headers: envoy.service.ext_proc.v3.external_processor_pb2.HttpHeaders) -> str | None
Extracts the JWT token from the request headers, specifically looking for the ‘Authorization’ header and parsing out the token part.
- Parameters:
request_headers (service_pb2.HttpHeaders) – The HTTP headers received in the request.
- Returns:
The extracted JWT token if found, otherwise None.
- Return type:
str
Example
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6… -> Returns: eyJhbGciOiJIUzI1NiIsInR5cCI6…
- callouts.python.extproc.example.jwt_auth.service_callout_example.validate_jwt_token(key: bytes, request_headers: envoy.service.ext_proc.v3.external_processor_pb2.HttpHeaders, algorithm: str) -> Any | None
Validates the JWT token extracted from the request headers using a specified public key and algorithm. If valid, returns the decoded JWT payload; otherwise, logs an error and returns None.
- Parameters:
key (bytes) – The public key used for token validation.
request_headers (service_pb2.HttpHeaders) – The HTTP headers received in the request, used to extract the JWT token.
algorithm (str) – The algorithm with which the JWT was signed (e.g., ‘RS256’).
- Returns:
The decoded JWT if validation is successful, None if the token is invalid or an error occurs.
- Return type:
dict | None
- Raises:
InvalidTokenError – If the token is invalid or decoding fails.
Example
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6… -> Returns: {‘sub’: ‘1234567890’, ‘name’: ‘John Doe’, ‘iat’: 1712173461, ‘exp’: 2075658261}
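The extract-then-validate flow documented above, as an added example that is not the project's own code. It assumes headers arrive as a plain dict instead of Envoy's HttpHeaders message, and it swaps in HS256 verified with the standard library's hmac for the page's RS256 so that it runs without third-party packages; extract_bearer, validate, decoded_headers and make_token are hypothetical names, and the key and tokens are constructed samples.

```python
from __future__ import annotations
import base64, hashlib, hmac, json, time
def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def extract_bearer(headers: dict) -> str | None:
    """Return the token from 'Authorization: Bearer <token>', else None."""
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    scheme, _, token = value.strip().partition(" ")
    return token.strip() if scheme.lower() == "bearer" and token.strip() else None

def validate(key: bytes, headers: dict, algorithm: str, now: float | None = None):
    """Return the claims dict if the token is valid, otherwise None."""
    token = extract_bearer(headers)
    if token is None or token.count(".") != 2:
        return None
    head_b64, body_b64, sig_b64 = token.split(".")
    try:
        head = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    if not isinstance(head, dict) or not isinstance(claims, dict):
        return None
    # Pin the algorithm to server configuration; never trust the token's own "alg".
    if algorithm != "HS256" or head.get("alg") != algorithm:
        return None
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        return None
    return claims

def decoded_headers(claims: dict) -> list[tuple[str, str]]:
    """Mirror the page's 'decoded-<field>' request header mutation."""
    return [(f"decoded-{k}", str(v)) for k, v in claims.items()]

def make_token(key: bytes, claims: dict, alg: str = "HS256") -> str:
    """Sign a constructed sample token for this demo."""
    parts = ({"alg": alg, "typ": "JWT"}, claims)
    signing_input = ".".join(b64url_encode(json.dumps(p).encode()) for p in parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest() if alg == "HS256" else b""
    return f"{signing_input}.{b64url_encode(sig)}"
```

A token is rejected unless its header names the configured algorithm, its signature matches, and its exp claim is still in the future; only then are the claims turned into decoded-* headers.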