Added asymmetric algorithms support

JSeam2 · Feb 3, 2020 · 9e68529 · 9e68529
1 parent 95ac4af
commit 9e68529
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 2 deletions.
diff --git a/docs/settings.rst b/docs/settings.rst
@@ -55,6 +55,22 @@ PyJWT
   Default: ``settings.SECRET_KEY``
 
 
+`JWT_PUBLIC_KEY`_
+~~~~~~~~~~~~~~~~~
+
+  The RSA public key for *RS256*, *RS384* or *RS512* asymmetric algorithms. ``JWT_SECRET_KEY`` setting will be ignored
+
+  Default: ``None``
+
+
+`JWT_PRIVATE_KEY`_
+~~~~~~~~~~~~~~~~~
+
+  The RSA private key for *RS256*, *RS384* or *RS512* asymmetric algorithms. ``JWT_SECRET_KEY`` setting will be ignored
+
+  Default: ``None``
+
+
 `JWT_VERIFY`_
 ~~~~~~~~~~~~~
 

diff --git a/graphql_jwt/settings.py b/graphql_jwt/settings.py
@@ -11,6 +11,8 @@
     'JWT_ISSUER': None,
     'JWT_LEEWAY': 0,
     'JWT_SECRET_KEY': settings.SECRET_KEY,
+    'JWT_PUBLIC_KEY': None,
+    'JWT_PRIVATE_KEY': None,
     'JWT_VERIFY': True,
     'JWT_VERIFY_EXPIRATION': False,
     'JWT_EXPIRATION_DELTA': timedelta(seconds=60 * 5),

diff --git a/graphql_jwt/utils.py b/graphql_jwt/utils.py
@@ -36,15 +36,15 @@ def jwt_payload(user, context=None):
 def jwt_encode(payload, context=None):
     return jwt.encode(
         payload,
-        jwt_settings.JWT_SECRET_KEY,
+        jwt_settings.JWT_PRIVATE_KEY or jwt_settings.JWT_SECRET_KEY,
         jwt_settings.JWT_ALGORITHM,
     ).decode('utf-8')
 
 
 def jwt_decode(token, context=None):
     return jwt.decode(
         token,
-        jwt_settings.JWT_SECRET_KEY,
+        jwt_settings.JWT_PUBLIC_KEY or jwt_settings.JWT_SECRET_KEY,
         jwt_settings.JWT_VERIFY,
         options={
             'verify_exp': jwt_settings.JWT_VERIFY_EXPIRATION,

diff --git a/requirements/test.txt b/requirements/test.txt
@@ -1,4 +1,5 @@
 coverage>=4.4
+cryptography>=2.0.3
 pytest>=3.3.1
 pytest-cov>=2.4.0
 pytest-django>=3.1.2
diff --git a/tests/test_utils.py b/tests/test_utils.py
@@ -1,6 +1,9 @@
 from datetime import timedelta
 from unittest import mock
 
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.asymmetric import rsa
+
 from graphql_jwt import exceptions, utils
 from graphql_jwt.settings import jwt_settings
 
@@ -29,6 +32,28 @@ def test_issuer(self):
         self.assertEqual(payload['iss'], 'test')
 
 
+class AsymmetricAlgorithmsTests(TestCase):
+
+    def test_rsa_jwt(self):
+        private_key = rsa.generate_private_key(
+            public_exponent=65537,
+            key_size=2048,
+            backend=default_backend(),
+        )
+        public_key = private_key.public_key()
+        payload = utils.jwt_payload(self.user)
+
+        with override_jwt_settings(
+                JWT_PUBLIC_KEY=public_key,
+                JWT_PRIVATE_KEY=private_key,
+                JWT_ALGORITHM='RS256'):
+
+            token = utils.jwt_encode(payload)
+            decoded = utils.jwt_decode(token)
+
+        self.assertEqual(payload, decoded)
+
+
 class GetHTTPAuthorizationHeaderTests(TestCase):
 
     def test_get_authorization_header(self):