-
- Downloads
feat: verify API Gateway id token in request
Add verification for the Authorization header for incoming requests. The defaults are to verify that the request is appropriately authenticated with a Google service account corresponding to the API Gateway. Expected issuer, authorised parties, issuer certificate URLs, etc can be customised via settings. This is unlikely to be used in production but is useful when combined with the API Gateway emulator for local development. Verification can be disabled entirely by setting an appropriately dire-named setting. Tests have been updated to exercise verification assuming that the Google verification library works as documented. Closes #4
parent
57409a46
No related branches found
No related tags found
Showing
- .pre-commit-config.yaml 1 addition, 1 deletion.pre-commit-config.yaml
- CHANGELOG.md 7 additions, 0 deletionsCHANGELOG.md
- README.md 19 additions, 0 deletionsREADME.md
- apigatewayauth/authentication.py 43 additions, 0 deletionsapigatewayauth/authentication.py
- apigatewayauth/id_token.py 105 additions, 0 deletionsapigatewayauth/id_token.py
- apigatewayauth/tests/test_apigateway_auth.py 119 additions, 2 deletionsapigatewayauth/tests/test_apigateway_auth.py
- poetry.lock 93 additions, 9 deletionspoetry.lock
- pyproject.toml 3 additions, 1 deletionpyproject.toml
Loading
Please register or sign in to comment