GitLocker: The Coding Marketplace

Description:

atlassianjwt 3.0.0

codebeat
badge
JSON Web Token (JWT) authentication and encoding
library for Python 2 and 3. Extends
pyjwt to include Atlassian
Connect’s custom query string
hash
(qsh) claim.
This package is on pypi
so you can use pip to install it
pip install atlassian-jwt

Tenant information
This package makes references to Atlassian Connect’s tenant information
data
structure.
Specfically the clientKey and sharedSecret fields are used when
encoding a JWT token. Here is an example of the complete tenant
information data structure as is passed to a Connect Addon with the
installed lifecycle callback.
{
"key": "installed-addon-key",
"clientKey": "unique-client-identifier",
"publicKey": "MIGf....ZRWzwIDAQAB",
"sharedSecret": "a-secret-key-not-to-be-lost",
"serverVersion": "server-version",
"pluginsVersion": "version-of-connect",
"baseUrl": "http://example.atlassian.net",
"productType": "jira",
"description": "Atlassian JIRA at https://example.atlassian.net",
"serviceEntitlementNumber": "SEN-number",
"eventType": "installed"
}
Where

clientKey is an identifying key for the Atlassian product instance
that the add-on was installed into.
sharedSecret is the string that should be used to sign outgoing JWT
tokens and validate incoming JWT tokens.

Authentication
This package provides an abstract base class that can be subclassed to
provide authentication to an Atlassian Connect Addon. Here is an example
of that use
import atlassian_jwt

class MyAddon(atlassian_jwt.Authenticator):
def __init__(self, tenant_info_store):
super(MyAddon, self).__init__()
self.tenant_info_store = tenant_info_store

def get_shared_secret(self, client_key):
tenant_info = self.tenant_info_store.get(client_key)
return tenant_info['sharedSecret']

my_auth = MyAddon(tenant_info_store)
try:
client_key, claims = my_auth.authenticate(http_method, url, headers)
# authentication succeeded
except atlassian_jwt.DecodeError:
# authentication failed
pass

Encoding
Atlassian Connect Addon can make API calls back to the host application.
These API calls include a JWT token for authentication. This package
provides an encode_token function to do this work. Here is an
example of its use
import atlassian_jwt

token = atlassian_jwt.encode_token(http_method, url, **tenant_info)
headers = {'Authorization': 'JWT {}'.format(token)}

Understanding JWT for Atlassian Connect

Understanding JWT for Atlassian
Connect
Understanding
JWT
Creating a query string
hash

Running the tests
pip3.8 install -e . && pip3.8 install -r requirements.txt && python3.8 -m pytest