arxiv.users.auth.tokens module

Functions for working with authn/z tokens on user/client requests.

Encrypted JSON Web Tokens can be used inside the arXiv system to securely convey authn/z information about each request. These tokens will usually be generated by the authorizer in response to an authorization subrequest from the web server, and contain information about the identity of the user and/or client as well as authorization information (e.g. arxiv.users.auth.scopes).

It is essential that these JWTs are encrypted and decrypted precisely the same way in all arXiv services, so we include these routines here for convenience.

arxiv.users.auth.tokens.decode(token, secret)

Decode an auth token to access session information.

Return type: Session

arxiv.users.auth.tokens.encode(session, secret)

Encode session information as an encrypted JWT.

Parameters:
  • session (domain.Session) – User or client session data, including authorization information.
  • secret (str) – A secret key used to encrypt the token. This secret is required to decode the token later on (e.g. in the application handling the request).
Returns: An encrypted JWT.

Return type: str

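The following is an added example, not the arXiv module's code: a standard-library stand-in for the encode/decode pair, showing why every service must share both the secret and the exact verification routine. It assumes an HS256-signed token (integrity only, not encryption), a plain dict in place of domain.Session, and constructed field, scope and secret values; `encode_token`, `decode_token` and `InvalidToken` are hypothetical names.

```python
import base64
import hashlib
import hmac
import json

class InvalidToken(Exception):
    """Token failed a verification step; treat the request as unauthenticated."""

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, secret: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def encode_token(session: dict, secret: str) -> str:
    """Authorizer side: serialise session claims into an HS256-signed JWT."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps(session).encode())
    return f"{header}.{payload}.{_b64(_sign(header + '.' + payload, secret))}"

def decode_token(token: str, secret: str) -> dict:
    """Service side: verify first, then read the session claims."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_unb64(header_b64))
        signature = _unb64(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise InvalidToken("malformed token") from exc
    # Pin the algorithm: the token must not choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise InvalidToken("unexpected algorithm")
    expected = _sign(f"{header_b64}.{payload_b64}", secret)
    if not hmac.compare_digest(expected, signature):  # constant-time compare
        raise InvalidToken("signature mismatch")
    return json.loads(_unb64(payload_b64))

# Constructed sample session; the field and scope names are illustrative.
SESSION = {"user_id": "1234", "scopes": ["submission:read"]}

if __name__ == "__main__":
    token = encode_token(SESSION, "shared-secret")         # authorizer
    print(decode_token(token, "shared-secret")["scopes"])  # downstream service
    try:
        decode_token(token, "other-secret")                # misconfigured service
    except InvalidToken as exc:
        print("rejected:", exc)
```

A service holding a different secret, or one that skips the algorithm pin, will disagree with the others about which tokens are valid, which is the failure the shared routines are meant to prevent.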