A drop-in replacement for Starlette session middleware, using authlib's jwt.
It is sometimes necessary to integrate a Starlette-based application into more complex scenarios where other actors need to make decisions based on session data. This middleware makes this possible by using a standard JWT token instead of the Starlette-encrypted one, thus simplifying interaction with third-party components.
- Python 3.7+
- Starlette 0.9+
pip install starlette-authlib
A complete example where we drop-in replace standard session middleware:
from starlette.applications import Starlette
from starlette_authlib.middleware import AuthlibMiddleware as SessionMiddleware
app = Starlette()
app.add_middleware(SessionMiddleware, secret_key='secret')
Other things you can configure either via environment variables or .env
file:
-
DOMAIN
- declare cookie domain. App must be under this domain. If empty, the cookie is restricted to the subdomain of the app (this is useful when you write eg. SSO portals) -
JWT_ALG
- one of authlib JWT supported algorithms -
JWT_SECRET
- jwt secret. Only useful for HS* algorithms, see thesample_app
folder for middleware usage w/ crypto keys.
A sample application is included, and you can run it with either Starlette-based session middleware or this one, just by setting a variable:
# run with vanilla Starlette-based session middleware
VANILLA=1 uvicorn sample_app.app:app
# run with this drop-in replacement
uvicorn sample_app.app:app
As you can notice in code here, the only difference is an
import name, based on this VANILLA
env var.
This project is absolutely open to contributions so if you have a nice idea, create an issue to let the community discuss it.