Generic token generator and validator service like auth

ismetacar, updated 🕥 2022-12-08 06:21:13

Pypi Docker Automated build

Ertis Auth Tweet

v2.0.1

Ertis auth is a next generation and generic auth service.

You can manage your users, applications, roles and more.

Tokens

There are two types of token. Basic and Bearer tokens.

Bearer tokens are based on JWT.

Basic tokens generating by application id and secret.

Resources

User types, users, applications, roles.

User Types: - Manage your user model dynamically. - Set as required fields you want. - All primitive types are supported.

Users: - Users, generating with default user fields (samples as below) and defined fields on user type. - Users can get a token and access to me and other api endpoints. - Users can create and modify other resources by role.

Applications: - Applications can manage other resources like users by role. - Server side request optimization is benefit.

Roles: - Define roles easily with role based access control. (Samples as below) - Apply role to user and applications.

Events - Get all action records as json from rest api. - Get detail of an event.

Active Tokens: - Get all active tokens by user. - Revoke all of them, as you wish.

Rest API

All api endpoints developed by rest and http standards.

| Endpoint Path | Allowed Methods | |:-------------------------------------------------------------------|-------------------------------| | /api/v1/healthcheck | GET | | /api/v1/generate-token | POST | | /api/v1/refresh-token | POST | | /api/v1/verify-token | POST | | /api/v1/revoke-token | POST | | /api/v1/reset-password | POST | | /api/v1/set-password | POST | | /api/v1/change-password | POST | | /api/v1/me | GET | | /api/v1/memberships//user-types | POST | | /api/v1/memberships//get-user-type | GET | | /api/v1/memberships//user-types/ | GET | | /api/v1/memberships//user-types/ | PUT,GET | | /api/v1/memberships//users | POST | | /api/v1/memberships//users/ | GET | | /api/v1/memberships//users/ | PUT,GET | | /api/v1/memberships//users/ | PUT,GET,DELETE | | /api/v1/memberships//users/_query | POST | | /api/v1/memberships//applications | POST | | /api/v1/memberships//applications/ | GET | | /api/v1/memberships//applications/ | PUT,GET | | /api/v1/memberships//applications/ | PUT,GET,DELETE | | /api/v1/memberships//applications/_query | POST | | /api/v1/memberships//roles | POST | | /api/v1/memberships//roles/ | GET | | /api/v1/memberships//roles/ | PUT,GET | | /api/v1/memberships//roles/ | PUT,GET,DELETE | | /api/v1/memberships//roles/_query | POST | | /api/v1/memberships//events/ | GET | | /api/v1/memberships//events/_query | POST | | /api/v1/api-map | GET | | /api/v1/get-app-version | GET | | /api/v1/memberships//providers | POST | | /api/v1/memberships//providers/ | GET | | /api/v1/memberships//providers/ | GET,PUT | | /api/v1/memberships//providers/ | GET,PUT,DELETE | | /api/v1/memberships//providers/_query | POST | | /api/v1/sign-in/ | GET |

Dockerized App

  • Working with mongodb.
  • Just docker-compose up.
  • Docker compose with mongo and ertis auth.
  • Setup db first -> migrate db easily.

    Go to setup step (Ertis Auth Migrate pypi package)

Up

bash $ docker run -p 8888:8888 -d --env-file .env ertis_auth

Note: All values in the configuration file can be overridden by environment variables. Environment variables must be defined with the AUTH_ prefix -i.e see .env file- on when they are defined.

Ertis auth have a public docker image on docker hub.

API Documentation

Tests and continuous delivery

  • All automated unit and integration tests.
  • Just call $ pytest test.py on your pipeline.

Issues

Bump certifi from 2019.6.16 to 2022.12.7

opened on 2022-12-08 06:21:10 by dependabot[bot]

Bumps certifi from 2019.6.16 to 2022.12.7.

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ismetacar/ertis-auth/network/alerts).

Bump sanic from 20.12.6 to 20.12.7

opened on 2022-08-06 05:28:56 by dependabot[bot]

Bumps sanic from 20.12.6 to 20.12.7.

Release notes

Sourced from sanic's releases.

Version 20.12.7

Resolves #2477 and #2478 See also #2495 and https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6

Full Changelog: https://github.com/sanic-org/sanic/compare/v20.12.6...v20.12.7

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ismetacar/ertis-auth/network/alerts).

Bump ujson from 5.1.0 to 5.4.0

opened on 2022-07-05 22:27:24 by dependabot[bot]

Bumps ujson from 5.1.0 to 5.4.0.

Release notes

Sourced from ujson's releases.

5.4.0

Added

Fixed

5.3.0

Added

Changed

Fixed

5.2.0

Added

Fixed

Commits
  • 9c20de0 Merge pull request from GHSA-fm67-cv37-96ff
  • b21da40 Fix double free on string decoding if realloc fails
  • 67ec071 Merge pull request #555 from JustAnotherArchivist/fix-decode-surrogates-2
  • bc7bdff Replace wchar_t string decoding implementation with a uint32_t-based one
  • cc70119 Merge pull request #548 from JustAnotherArchivist/arbitrary-ints
  • 4b5cccc Merge pull request #553 from bwoodsend/pypy-ci
  • abe26fc Merge pull request #551 from bwoodsend/bye-bye-travis
  • 3efb5cc Delete old TravisCI workflow and references.
  • 404de1a xfail test_decode_surrogate_characters() on Windows PyPy.
  • f7e66dc Switch to musl docker base images.
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ismetacar/ertis-auth/network/alerts).

Bump httpx from 0.11.1 to 0.23.0

opened on 2022-06-01 23:57:41 by dependabot[bot]

Bumps httpx from 0.11.1 to 0.23.0.

Release notes

Sourced from httpx's releases.

Version 0.23.0

0.23.0 (23rd May, 2022)

Changed

  • Drop support for Python 3.6. (#2097)
  • Use utf-8 as the default character set, instead of falling back to charset-normalizer for auto-detection. To enable automatic character set detection, see the documentation. (#2165)

Fixed

  • Fix URL.copy_with for some oddly formed URL cases. (#2185)
  • Digest authentication should use case-insensitive comparison for determining which algorithm is being used. (#2204)
  • Fix console markup escaping in command line client. (#1866)
  • When files are used in multipart upload, ensure we always seek to the start of the file. (#2065)
  • Ensure that iter_bytes never yields zero-length chunks. (#2068)
  • Preserve Authorization header for redirects that are to the same origin, but are an http-to-https upgrade. (#2074)
  • When responses have binary output, don't print the output to the console in the command line client. Use output like <16086 bytes of binary data> instead. (#2076)
  • Fix display of --proxies argument in the command line client help. (#2125)
  • Close responses when task cancellations occur during stream reading. (#2156)
  • Fix type error on accessing .request on HTTPError exceptions. (#2158)

Version 0.22.0

0.22.0 (26th January, 2022)

Added

Fixed

  • Don't perform unreliable close/warning on __del__ with unclosed clients. (#2026)
  • Fix Headers.update(...) to correctly handle repeated headers (#2038)

Version 0.21.3

0.21.3 (6th January, 2022)

Fixed

  • Fix streaming uploads using SyncByteStream or AsyncByteStream. Regression in 0.21.2. (#2016)

Version 0.21.2

0.21.2 (5th January, 2022)

Fixed

  • HTTP/2 support for tunnelled proxy cases. (#2009)
  • Improved the speed of large file uploads. (#1948)

Version 0.21.1

... (truncated)

Changelog

Sourced from httpx's changelog.

0.23.0 (23rd May, 2022)

Changed

  • Drop support for Python 3.6. (#2097)
  • Use utf-8 as the default character set, instead of falling back to charset-normalizer for auto-detection. To enable automatic character set detection, see the documentation. (#2165)

Fixed

  • Fix URL.copy_with for some oddly formed URL cases. (#2185)
  • Digest authentication should use case-insensitive comparison for determining which algorithm is being used. (#2204)
  • Fix console markup escaping in command line client. (#1866)
  • When files are used in multipart upload, ensure we always seek to the start of the file. (#2065)
  • Ensure that iter_bytes never yields zero-length chunks. (#2068)
  • Preserve Authorization header for redirects that are to the same origin, but are an http-to-https upgrade. (#2074)
  • When responses have binary output, don't print the output to the console in the command line client. Use output like <16086 bytes of binary data> instead. (#2076)
  • Fix display of --proxies argument in the command line client help. (#2125)
  • Close responses when task cancellations occur during stream reading. (#2156)
  • Fix type error on accessing .request on HTTPError exceptions. (#2158)

0.22.0 (26th January, 2022)

Added

Fixed

  • Don't perform unreliable close/warning on __del__ with unclosed clients. (#2026)
  • Fix Headers.update(...) to correctly handle repeated headers (#2038)

0.21.3 (6th January, 2022)

Fixed

  • Fix streaming uploads using SyncByteStream or AsyncByteStream. Regression in 0.21.2. (#2016)

0.21.2 (5th January, 2022)

Fixed

  • HTTP/2 support for tunnelled proxy cases. (#2009)
  • Improved the speed of large file uploads. (#1948)

0.21.1 (16th November, 2021)

Fixed

  • The response.url property is now correctly annotated as URL, instead of Optional[URL]. (#1940)

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ismetacar/ertis-auth/network/alerts).

Bump pyjwt from 1.7.1 to 2.4.0

opened on 2022-05-25 03:47:53 by dependabot[bot]

Bumps pyjwt from 1.7.1 to 2.4.0.

Release notes

Sourced from pyjwt's releases.

2.4.0

Security

What's Changed

New Contributors

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0

2.3.0

What's Changed

... (truncated)

Changelog

Sourced from pyjwt's changelog.

v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>__

Security


- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24

Changed



- Explicit check the key for ECAlgorithm by @estin in https://github.com/jpadilla/pyjwt/pull/713
- Raise DeprecationWarning for jwt.decode(verify=...) by @akx in https://github.com/jpadilla/pyjwt/pull/742

Fixed
~~~~~

- Don't use implicit optionals by @rekyungmin in https://github.com/jpadilla/pyjwt/pull/705
- documentation fix: show correct scope for decode_complete() by @sseering in https://github.com/jpadilla/pyjwt/pull/661
- fix: Update copyright information by @kkirsche in https://github.com/jpadilla/pyjwt/pull/729
- Don't mutate options dictionary in .decode_complete() by @akx in https://github.com/jpadilla/pyjwt/pull/743

Added
~~~~~

- Add support for Python 3.10 by @hugovk in https://github.com/jpadilla/pyjwt/pull/699
- api_jwk: Add PyJWKSet.__getitem__ by @woodruffw in https://github.com/jpadilla/pyjwt/pull/725
- Update usage.rst by @guneybilen in https://github.com/jpadilla/pyjwt/pull/727
- Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in https://github.com/jpadilla/pyjwt/pull/734
- Fixed typo in usage.rst by @israelabraham in https://github.com/jpadilla/pyjwt/pull/738
- Add detached payload support for JWS encoding and decoding by @fviard in https://github.com/jpadilla/pyjwt/pull/723
- Replace various string interpolations with f-strings by @akx in https://github.com/jpadilla/pyjwt/pull/744
- Update CHANGELOG.rst by @hipertracker in https://github.com/jpadilla/pyjwt/pull/751

`v2.3.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0&gt;`__
-----------------------------------------------------------------------

Fixed
~~~~~

- Revert &quot;Remove arbitrary kwargs.&quot; `[#701](https://github.com/jpadilla/pyjwt/issues/701) &lt;https://github.com/jpadilla/pyjwt/pull/701&gt;`__

Added
~~~~~

- Add exception chaining `[#702](https://github.com/jpadilla/pyjwt/issues/702) &lt;https://github.com/jpadilla/pyjwt/pull/702&gt;`__

`v2.2.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0&gt;`__
-----------------------------------------------------------------------

&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>

<ul>
<li><a href="https://github.com/jpadilla/pyjwt/commit/83ff831a4d11190e3a0bed781da43f8d84352653"><code>83ff831</code></a> chore: update changelog</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/4c1ce8fd9019dd312ff257b5141cdb6d897379d9"><code>4c1ce8f</code></a> chore: update changelog</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/96f3f0275745c5a455c019a0d3476a054980e8ea"><code>96f3f02</code></a> fix: failing advisory test</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc"><code>9c52867</code></a> Merge pull request from GHSA-ffqj-6fqr-9h24</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/24b29adfebcb4f057a3cef5aaf35653bc0c1c8cc"><code>24b29ad</code></a> Update CHANGELOG.rst (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/751">#751</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/31f5acb8fb3ec6cdfe2b1b0a4a8f329b5f3ca67f"><code>31f5acb</code></a> Replace various string interpolations with f-strings (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/744">#744</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/5581a31c21de70444c1162bcfa29f7e0fc86edda"><code>5581a31</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/748">#748</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/3d4d82248f1120c87f1f4e0e8793eaa1d54843a6"><code>3d4d822</code></a> Don't mutate options dictionary in .decode_complete() (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/743">#743</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/1f1fe15bb41846c602b3e106176b2c692b93a613"><code>1f1fe15</code></a> Add a deprecation warning when jwt.decode() is called with the legacy verify=...</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/35fa28e59d99b99c6a780d2a029a74d6bbba8b1e"><code>35fa28e</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/740">#740</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/1.7.1...2.4.0">compare view</a></li>
</ul>
</details>

<br />




[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt&package-manager=pip&previous-version=1.7.1&new-version=2.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---



Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ismetacar/ertis-auth/network/alerts).





Sign in with Apple


opened on 2021-05-02 18:27:57 by irfansimsar

I am using ertis-auth for a mobile project. I need social login options, especially  "Sign in with Apple". I could not find it in read me or source code. Do you have a plan for this?
ismetacar
GitHub Repository

bearer-tokens docker generic pypi auth authentication authorization python oauth2 auth0