task: Imports legacy authlib

.gitignore

@@ -138,4 +138,7 @@ dmypy.json
 cython_debug/
 
 # PyCharm
-.idea
+.idea
+
+# vscode
+.vscode

Pipfile

@@ -7,11 +7,14 @@ name = "pypi"
 format = "pipenv run autopep8 . --recursive --in-place --pep8-passes 2000 --verbose"
 
 [packages]
-brighthive-jwt = {editable = true, path = "."}
+requests = "*"
+flask = "*"
+pyjwt = {extras = ["crypto"], version = "*"}
 
 [dev-packages]
 pytest = "*"
 autopep8 = "*"
+setuptools = "*"
 
 [requires]
 python_version = "3.8"

bhjwt/__init__.py

@@ -1 +1,4 @@
 from bhjwt.main import create_asserter
+from bhjwt.config import AuthLibConfiguration
+from bhjwt.providers import BrightHiveProvider, OAuth2ProviderFactory, OAuth2ProviderError
+from bhjwt.decorators.token_required_decorator import token_required

bhjwt/config/__init__.py

@@ -0,0 +1 @@
+from bhjwt.config.config import AuthLibConfiguration

bhjwt/config/config.py

@@ -0,0 +1,28 @@
+"""Application configuration.
+
+"""
+
+
+class AuthLibConfiguration(object):
+    """Configuration class.
+
+    This class encapsulates all the necessary information needed by
+    an OAuth 2.0 provider in order to validate a token.
+
+    Args:
+        provider (str): Name of the OAuth 2.0 provider.
+        base_url (str): Base URL for the OAuth 2.0 provider.
+        jwks_url (str): URL for retrieving the application JSON Web Key Set.
+        algorithms (list): Accepted JWT algorithms.
+        audience (str): OAuth 2.0 audience parameter.
+
+    """
+
+    def __init__(self, provider: str = None, base_url: str = None,
+                 jwks_url: str = None, algorithms: list = None,
+                 audience: str = None):
+        self.provider = provider
+        self.base_url = base_url
+        self.jwks_url = jwks_url
+        self.algorithms = algorithms
+        self.audience = audience

bhjwt/decorators/token_required_decorator.py

@@ -0,0 +1,16 @@
+"""Access Token Decorator
+
+This decorator can be used to wrap any endpoint that needs to be protected.
+
+"""
+
+from bhjwt.providers import OAuth2Provider
+
+
+def token_required(provider: OAuth2Provider, scopes: list = []):
+    def wrap(f):
+        def wrapped_f(*args, **kwargs):
+            if provider.validate_token(scopes=scopes):
+                return f(*args, **kwargs)
+        return wrapped_f
+    return wrap

bhjwt/providers/__init__.py

@@ -0,0 +1,15 @@
+"""OAuth 2.0 Providers
+
+This module contains implementation-specific methods for all OAuth 2.0
+providers supported by the library.
+
+Note:
+    To add a new provider, ensure that the provider extends the OAuth2Provider
+    base class.
+
+"""
+
+from bhjwt.providers.provider_error import OAuth2ProviderError
+from bhjwt.providers.provider import OAuth2Provider
+from bhjwt.providers.brighthive_provider import BrightHiveProvider
+from bhjwt.providers.provider_factory import OAuth2ProviderFactory

bhjwt/providers/brighthive_provider.py

@@ -0,0 +1,34 @@
+"""BrightHive OAuth 2.0 Provider.
+
+Implementation of a BrightHive OAuth 2.0 Provier.
+
+"""
+
+import requests
+import json
+from bhjwt.providers import OAuth2Provider, OAuth2ProviderError
+
+
+class BrightHiveProvider(OAuth2Provider):
+    """BrightHive OAuth 2.0 Provider."""
+
+    def __init__(self):
+        super().__init__()
+
+    def validate_token(self, token=None, scopes=[]):
+        if not token:
+            token = self.get_token()
+
+        try:
+            headers = {'content-type': 'application/json'}
+            validate_ep = f'{self.base_url}/oauth/validate'
+            payload = {'token': token}
+            query = requests.post(
+                validate_ep, data=json.dumps(payload), headers=headers)
+            resp = query.json()
+            if resp['messages']['valid']:
+                return True
+            else:
+                raise OAuth2ProviderError('Access Denied')
+        except Exception:
+            raise OAuth2ProviderError('Access Denied')