arxiv.users.auth.tokens module
Functions for working with authn/z tokens on user/client requests.
Encrypted JSON Web Tokens can be used inside the arXiv system to securely
convey authn/z information about each request. These tokens will usually be
generated by the authorizer in response to an authorization subrequest from
the web server, and contain information about the identity of the user and/or
client as well as authorization information (e.g. arxiv.users.auth.scopes).
It is essential that these JWTs are encrypted and decrypted precisely the same way in all arXiv services, so we include these routines here for convenience.
arxiv.users.auth.tokens.decode(token, secret)
    Decode an auth token to access session information.
    Return type: Session
arxiv.users.auth.tokens.encode(session, secret)
    Encode session information as an encrypted JWT.
    Parameters:
    - session (domain.Session) – User or client session data, including authorization information.
    - secret (str) – A secret key used to encrypt the token. This secret is required to decode the token later on (e.g. in the application handling the request).
    Returns: An encrypted JWT.
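The round trip that encode and decode describe, as an added example that is not the arxiv.users code: one service issues a token with the shared secret, another verifies it, and a wrong secret, an altered payload or an unexpected algorithm is rejected. It is a standard-library stand-in that signs with HMAC-SHA256 (integrity only, not the encryption described above). The plain dict used in place of domain.Session, the InvalidToken exception, the helper names and the sample field values are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import json


class InvalidToken(ValueError):
    """Raised when a token is malformed or fails verification."""


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input: str, secret: str) -> bytes:
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256)
    return b64url(mac.digest()).encode()


def encode(session: dict, secret: str) -> str:
    """Serialize a session dict (stand-in for domain.Session) as a signed JWT."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(session, sort_keys=True).encode())
    return f"{header}.{payload}.{sign(header + '.' + payload, secret).decode()}"


def decode(token: str, secret: str) -> dict:
    """Verify the token with the shared secret and return the session dict."""
    try:
        header, payload, signature = token.split(".")
        alg = json.loads(unb64url(header)).get("alg")
    except (ValueError, AttributeError) as exc:
        raise InvalidToken("malformed token") from exc
    # Pin the algorithm: the token header must not choose how it is verified.
    if alg != "HS256":
        raise InvalidToken("unexpected algorithm")
    if not hmac.compare_digest(signature.encode(), sign(header + "." + payload, secret)):
        raise InvalidToken("signature mismatch")
    return json.loads(unb64url(payload))


if __name__ == "__main__":
    # Constructed sample session; field names and scope string are illustrative.
    token = encode({"user_id": "1234", "scopes": ["submission:read"]}, "shared-secret")
    print(decode(token, "shared-secret"))
```

Because every service calls the same two functions with the same secret, a token issued by one verifies in any other, and nothing from the payload is returned until the signature check has passed.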