I started to play with nameko.
I made one RPC service with SQLite as backend,
one HTTP gateway service (as in nameko-examples)
and one RPC auth service which generates a JWT token.
The gateway service has an auth endpoint which calls the auth service's authenticate(username, password) and returns a token.
Other gateway endpoint methods call the other RPC service; I send the token in an HTTP header and then pass that token to the RPC service methods as an explicit method parameter.
The RPC service then checks if the token is valid and if the specified role is granted for the operation, best by calling the auth service.
Is there a better way of doing something like that, token authentication and authorization?
Darko

    # HTTP entrypoint that copies the Authorization header into the worker context
    from nameko.web.server import WebServer as BaseWebServer
    from nameko.web.handlers import HttpRequestHandler as BaseHttpRequestHandler
    from werkzeug.exceptions import BadRequest

    class WebServer(BaseWebServer):
        def context_data_from_headers(self, request):
            context_data = super().context_data_from_headers(request)
            context_data['authorization'] = self.get_auth_token(request)
            return context_data

        @staticmethod
        def get_auth_token(request):
            auth = request.headers.get('Authorization', None)
            if not auth:
                return
            parts = auth.split()
            if len(parts) != 2:
                raise BadRequest(
                    'Authorization header must be auth-scheme + \\s + auth-param'
                )
            return {'scheme': parts[0], 'param': parts[1]}

    class HttpEntrypoint(BaseHttpRequestHandler):
        server = WebServer()

    http = HttpEntrypoint.decorator

    # Dependency provider that hands each worker its own bearer token
    import jwt
    from nameko.extensions import DependencyProvider

    class AuthToken:
        def __init__(self, secret, token):
            self.secret = secret
            self.jwt = token

        def decode_jwt(self):
            """Decode a JWT using the given secret and algorithm."""
            return jwt.decode(
                self.jwt, self.secret, algorithms=['HS256'], issuer='auth'
            )

    class Auth(DependencyProvider):
        def get_dependency(self, worker_ctx):
            secret = 'secretive_secret'  # Grab it from config
            token = None
            auth = worker_ctx.data.get('authorization', None)
            if auth and auth['scheme'].lower() == 'bearer':
                token = auth['param']
            # Return a fresh object per worker so concurrent requests never share a token
            return AuthToken(secret, token)

    # Service that uses the entrypoint and the dependency
    from . import Auth, http

    class MyService:
        name = 'my-service'
        auth = Auth()

        @http('GET', '/')
        def get_something(self, request):
            jwt_payload = self.auth.decode_jwt()
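
The check the question describes on the RPC side (token valid, role granted), as an added example that is not part of the original thread or of nameko. It uses only the standard library so it runs without dependencies, where a service would call PyJWT as in the reply; the `roles` claim and the names `issue`, `authorize` and `AuthError` are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b'secretive_secret'  # placeholder from the thread; load from config
ISSUER = 'auth'               # issuer the thread's decode_jwt() expects

class AuthError(Exception):
    """Token is malformed, forged, expired, or lacks the required role."""

def _b64d(part):
    return base64.urlsafe_b64decode(part + '=' * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b'=').decode()

def _sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue(claims, secret=SECRET):
    """Build an HS256 token for the demo (the auth service's job in the thread)."""
    signing_input = '.'.join(_b64e(json.dumps(p).encode())
                             for p in ({'alg': 'HS256', 'typ': 'JWT'}, claims))
    return signing_input + '.' + _b64e(_sign(signing_input, secret))

def authorize(token, role, now=None):
    """Return the claims if `token` is valid and grants `role` (assumed claim)."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split('.')
        if json.loads(_b64d(head)).get('alg') != 'HS256':
            raise AuthError('unexpected algorithm')  # pinned, not header-chosen
        if not hmac.compare_digest(_sign(head + '.' + body, SECRET), _b64d(sig)):
            raise AuthError('bad signature')         # constant-time comparison
        claims = json.loads(_b64d(body))             # parsed only after the MAC
        if claims.get('iss') != ISSUER:
            raise AuthError('wrong issuer')
        if not claims.get('exp', 0) > now:
            raise AuthError('expired or missing exp')
        if role not in claims.get('roles', []):
            raise AuthError('role not granted')
    except (ValueError, AttributeError, TypeError) as exc:
        raise AuthError('malformed token') from exc
    return claims
```

With a shared HS256 secret every service that can verify tokens can also mint them, so calling the auth service for the check, as the question suggests, keeps the secret in one place.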