使用python发送包含用户名/密码的JWT Get请求 [英] Sending JWT Get Request containing username/password using python

问题描述

我可以访问一个API，我正试图利用它来实现一些任务的自动化，我跳入了该API，但遭到了JWT(我从未使用过)的困扰.几年来我还没有使用python，所以有点生锈.请忍受我.

I have access to an API that I'm trying to start leveraging to automate some tasks and I jumped right into it but was stymied by JWT, which I have never used. I'm also coming off a couple years not using python, so I'm a little rusty. Please bear with me.

以下是API文档的直接引文:

Here is a direct quote from the API documentation:

The authentication mode for an organization is with a JSON Web Token. Users 
must pass a JSON Web Token (JWT) in the header of each API request made. 

To obtain the JWT, send the user’s API key (UUID) and password in a JSON Web
Token GET Request. The authorization method of "Bearer" and a 
space is then prefixed to the encoded token string returned. The token will 
be tied to the user account that generated the JWT.

我尝试使用requests，但出现405错误，我也安装并导入了pyjwt，但这使我感到困惑.从本质上讲，这就是我要通过python发送的内容:

I've tried with requests but I'm get 405 errors, I've also installed and imported pyjwt but it's confusing to me. This is essentially what I'm trying to send via python:

POST https://<our endpoint>/v1/token/get HTTP/1.1
Content-Type: application/json
{
"username": "<myUsername>",
"password": "<myPassword>"

我已经验证了目标API是否可以正常工作，因为有一小部分功能可以在不使用JWT的情况下运行，并且可以通过requests

I've verified that the target API is working, as there is a small set of functionality that works without JWT and was easily accessed via requests

与任何教程一样，我们也欢迎您提出建议.我已经尝试阅读一些JWT教程，但是很难将其翻译成python.

Advice is welcome, as are any tutorials. I've tried to read several JWT tutorials but I'm having a hard time translating it to python.

谢谢！

推荐答案

问题:要获取JWT，请在JSON Web令牌GET请求中发送用户的API密钥(UUID)和密码

Question: To obtain the JWT, send the user’s API key (UUID) and password in a JSON Web Token GET Request

使用python_jwt的解决方案.

假设:
编码方法= HS256
claims字段名'consumerId'
claims字段名'httpMethod'

Assumptions:
Encoding Method = HS256
claims Fieldname 'consumerId'
claims Fieldname 'httpMethod'

您在url中的JWT看起来像:

'http://httpbin.org/get?eyJ0eXAiOiAiSldUIiwgImFsZyI6ICJIUzI1NiJ9... (omitted for brevity)  

response.json()包含您随后必须使用的请求的JWT.

response.json() contains the requested JWT you have to use afterwards.

注意:您必须使用https://<base url>/v1/token/get

import python_jwt as jwt
# Create claims dictionary for generation of JwToken
claims = {
    'consumerId': 'My App ID',
    'httpMethod': 'GET'
}

import datetime
# create JWToken
jwtoken = jwt.generate_jwt(claims, 'My secret', 'HS256', datetime.timedelta(minutes=5))

response = requests.get('http://httpbin.org/get', jwtoken)
print(response.json())

使用Python:3.4.2测试-请求:2.11.1

Tested with Python:3.4.2 - requests:2.11.1

这篇关于使用python发送包含用户名/密码的JWT Get请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！