FAQ | This is a LIVE service | Changelog

Skip to content
Snippets Groups Projects
  • Dr Rich Wareham's avatar
    e7255d7c
    feat: verify API Gateway id token in request · e7255d7c
    Dr Rich Wareham authored
    Add verification for the Authorization header for incoming requests. The
    defaults are to verify that the request is appropriately authenticated
    with a Google service account corresponding to the API Gateway.
    
    Expected issuer, authorised parties, issuer certificate URLs, etc can be
    customised via settings. This is unlikely to be used in production but
    is useful when combined with the API Gateway emulator for local
    development.
    
    Verification can be disabled entirely by setting an appropriately
    dire-named setting.
    
    Tests have been updated to exercise verification assuming that the
    Google verification library works as documented.
    
    Closes #4
    e7255d7c
    History
    feat: verify API Gateway id token in request
    Dr Rich Wareham authored
    Add verification for the Authorization header for incoming requests. The
    defaults are to verify that the request is appropriately authenticated
    with a Google service account corresponding to the API Gateway.
    
    Expected issuer, authorised parties, issuer certificate URLs, etc can be
    customised via settings. This is unlikely to be used in production but
    is useful when combined with the API Gateway emulator for local
    development.
    
    Verification can be disabled entirely by setting an appropriately
    dire-named setting.
    
    Tests have been updated to exercise verification assuming that the
    Google verification library works as documented.
    
    Closes #4
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
To find the state of this project's repository at the time of any of these versions, check out the tags.

Changelog

0.0.6

Added:

  • Incoming requests now have their identity token verified as having been issued by the API Gateway if the API_GATEWAY_VERIFY_ID_TOKEN setting is True.

0.0.5

Added:

  • When authenticated, a non-database backed user object is associated with the request.

0.0.4

Added:

  • Repackaged using poetry.
  • Aligned code style with black and isort by means of pre-commit checks.

0.0.3

Added:

  • A changelog.