JWT API AUTHENTICATION

Hello everyone, I’m a bit stuck trying to create a Python script to authenticate with JWT. With GPG, I had 100% success using Ansible, but my experience with JWT has been quite complicated. If anyone can help me with a template or a step-by-step guide on how to perform the authentication, I would greatly appreciate it.

Hello there,

Based on the other posts and the POC on GitHub, I’ve developed the following Python code to get the access token.

It uses the gnupg python GPG wrapper. (pip3 install gnupg)

It requires your private GPG key, your passphrase and your UUID on the passbolt instance.

Hope it helps…

import gnupg
import os
import time
import json
import requests
import uuid
from datetime import datetime, timedelta


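# Connection settings. Each value is read from an environment variable when
# one is set, so the key passphrase does not have to live in this file or in
# version control; the literal placeholders remain as fallbacks. The variable
# names are this script's own choice, not something Passbolt defines.
domain = os.environ.get('PASSBOLT_URL', 'https://your-fqdn-instance')
userUUID = os.environ.get('PASSBOLT_USER_ID', 'your user UUID')
# Passphrase protecting the private GPG key; treat it as a secret.
secret_pp = os.environ.get('PASSBOLT_PASSPHRASE', 'Your Priv Key GPG passphrase')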

#Get JWT Token to access the API
# Return both JWT access token and the refresh token


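def getToken():
    """Log in to the Passbolt JWT endpoint and return its two tokens.

    Builds a JSON challenge, signs it with the user's private key, encrypts
    it to the server key obtained from getVerify(), and POSTs it to
    ``<domain>/auth/jwt/login.json``. The encrypted reply is decrypted and
    its ``access_token`` and ``refresh_token`` fields are returned.

    Reads the module-level ``domain``, ``userUUID`` and ``secret_pp`` and the
    armored private key in ``./passbolt_private.asc``.

    Returns:
        tuple: ``(access_token, refresh_token)``.

    Raises:
        RuntimeError: if the server key cannot be imported, a GPG operation
            fails, or the reply does not echo the verify token that was sent.
        requests.RequestException: on connection, TLS, timeout or HTTP errors.
    """
    # NOTE(review): the keyword arguments used below (import_keys(passphrase=),
    # encrypt(always_trust=)) look like the python-gnupg API - confirm which
    # distribution provides the installed `gnupg` module.
    gpg = gnupg.GPG()

    # uuid4 is random; uuid1 embeds the host MAC address and a timestamp,
    # which makes the value guessable and leaks host details.
    verify_token = str(uuid.uuid4())
    json_data = {
        "version": "1.0.0",
        "domain": domain,
        "verify_token": verify_token,
        # Epoch seconds two minutes from now, as a string. time.time() is
        # portable; strftime('%s') is a platform extension.
        "verify_token_expiry": str(int(time.time()) + 2 * 60),
    }

    with open('./passbolt_private.asc', mode='rb') as f:
        client_private_key_armored = f.read()

    gpg.import_keys(client_private_key_armored, passphrase=secret_pp)

    pub_key = gpg.import_keys(getVerify())
    if not pub_key.fingerprints:
        raise RuntimeError('could not import the server public key')

    # always_trust=True accepts whatever key the server returned. Comparing
    # pub_key.fingerprints with a fingerprint obtained out of band would pin
    # the server identity instead of trusting it on every run.
    encrypted = gpg.encrypt(
        json.dumps(json_data),
        pub_key.fingerprints,
        sign=True,
        always_trust=True,
        passphrase=secret_pp,
    )
    if not encrypted.ok:
        raise RuntimeError('GPG encryption of the login challenge failed: '
                           + str(encrypted.status))

    hdr = {'Content-Type': "application/json"}
    payload = {'user_id': userUUID, 'challenge': str(encrypted)}
    url = domain + '/auth/jwt/login.json'
    response = requests.post(url, headers=hdr, json=payload, timeout=30)
    response.raise_for_status()

    data = json.loads(response.text)

    # Pass the passphrase explicitly rather than relying on the agent still
    # caching it from the signing step.
    # NOTE(review): the signature on the reply is not checked here.
    decrypted = gpg.decrypt(data['body']['challenge'], passphrase=secret_pp)
    if not decrypted.ok:
        raise RuntimeError('GPG decryption of the login response failed: '
                           + str(decrypted.status))

    tokens = json.loads(str(decrypted))

    # The reply must echo the token sent above; a mismatch means it does not
    # belong to this login attempt (stale, replayed or forged).
    if tokens.get('verify_token') != verify_token:
        raise RuntimeError('verify_token mismatch in the login response')

    return tokens['access_token'], tokens['refresh_token']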


#To get the Public Key of the Passbolt Server
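def getVerify():
    """Fetch the Passbolt server's armored public key.

    Sends a GET to ``<domain>/auth/verify.json`` and returns the
    ``body.keydata`` field of the JSON reply.

    The key returned here is the one the login challenge is encrypted to, so
    the request has to run over a verified TLS connection: with certificate
    checks switched off, anyone on the network path could substitute a key of
    their own and read the challenge.

    Raises:
        requests.RequestException: on connection, TLS, timeout or HTTP errors.
        KeyError: if the reply lacks ``body`` or ``keydata``.
    """
    url = domain + '/auth/verify.json'
    # Certificate verification stays at the requests default (enabled). For an
    # instance behind a private CA, pass verify='<path to CA bundle>' instead
    # of verify=False.
    response = requests.get(url, timeout=30)
    response.raise_for_status()
    return json.loads(response.text)['body']['keydata']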


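def main():
    """Obtain the tokens and print the JWT access token to stdout."""
    # getToken() takes no arguments; it reads its settings from the
    # module-level values.
    a, r = getToken()
    # The access token is a bearer credential: keep this output out of shared
    # logs and CI job output.
    print(a)


if __name__ == "__main__":
    main()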