diff options
| author | DMRobertson <DMRobertson@users.noreply.github.com> | 2022-06-15 16:45:50 +0000 |
|---|---|---|
| committer | DMRobertson <DMRobertson@users.noreply.github.com> | 2022-06-15 16:45:50 +0000 |
| commit | 7c4175958c531ffbe65295ba111e5f0eebe7974b (patch) | |
| tree | 9479641a7b9b6984403fd57cab41dce6306de0f4 /develop/jwt.html | |
| parent | deploy: bdb6628dcf303e38960a56a9f97da71033826287 (diff) | |
| download | synapse-7c4175958c531ffbe65295ba111e5f0eebe7974b.tar.xz | |
deploy: 7d99414edf2c5c7e602a88c72245add665e6afb4
Diffstat (limited to 'develop/jwt.html')
| -rw-r--r-- | develop/jwt.html | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/develop/jwt.html b/develop/jwt.html index b7219d8202..ce47f9db88 100644 --- a/develop/jwt.html +++ b/develop/jwt.html @@ -177,7 +177,7 @@ Providing the audience claim when not configured will cause validation to fail.< <code>initial_device_display_name</code>) which can be included in the above request.</p> <h2 id="preparing-synapse"><a class="header" href="#preparing-synapse">Preparing Synapse</a></h2> <p>The JSON Web Token integration in Synapse uses the -<a href="https://pypi.org/project/pyjwt/"><code>PyJWT</code></a> library, which must be installed +<a href="https://docs.authlib.org/en/latest/index.html"><code>Authlib</code></a> library, which must be installed as follows:</p> <ul> <li> @@ -185,20 +185,20 @@ as follows:</p> provided by <code>matrix.org</code> so no further action is needed.</p> </li> <li> -<p>If you installed Synapse into a virtualenv, run <code>/path/to/env/bin/pip install synapse[pyjwt]</code> to install the necessary dependencies.</p> +<p>If you installed Synapse into a virtualenv, run <code>/path/to/env/bin/pip install synapse[jwt]</code> to install the necessary dependencies.</p> </li> <li> <p>For other installation mechanisms, see the documentation provided by the maintainer.</p> </li> </ul> -<p>To enable the JSON web token integration, you should then add an <code>jwt_config</code> section +<p>To enable the JSON web token integration, you should then add a <code>jwt_config</code> section to your configuration file (or uncomment the <code>enabled: true</code> line in the existing section). See <a href="./sample_config.yaml">sample_config.yaml</a> for some sample settings.</p> <h2 id="how-to-test-jwt-as-a-developer"><a class="header" href="#how-to-test-jwt-as-a-developer">How to test JWT as a developer</a></h2> <p>Although JSON Web Tokens are typically generated from an external server, the -examples below use <a href="https://pyjwt.readthedocs.io/en/latest/">PyJWT</a> directly.</p> +example below uses a locally generated JWT.</p> <ol> <li> <p>Configure Synapse with JWT logins, note that this example uses a pre-shared @@ -211,8 +211,17 @@ secret and an algorithm of HS256:</p> </li> <li> <p>Generate a JSON web token:</p> -<pre><code class="language-bash">$ pyjwt --key=my-secret-token --alg=HS256 encode sub=test-user -eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.Ag71GT8v01UO3w80aqRPTeuVPBIBZkYhNTJJ-_-zQIc +<p>You can use the following short Python snippet to generate a JWT +protected by an HMAC. +Take care that the <code>secret</code> and the algorithm given in the <code>header</code> match +the entries from <code>jwt_config</code> above.</p> +<pre><code class="language-python">from authlib.jose import jwt + +header = {"alg": "HS256"} +payload = {"sub": "user1", "aud": ["audience"]} +secret = "my-secret-token" +result = jwt.encode(header, payload, secret) +print(result.decode("ascii")) </code></pre> </li> <li> |