from twilio.jwt import Jwt
from urllib.parse import urlencode
class ClientCapabilityToken(Jwt):
"""A token to control permissions with Twilio Client"""
ALGORITHM = "HS256"
def __init__(
self,
account_sid,
auth_token,
nbf=Jwt.GENERATE,
ttl=3600,
valid_until=None,
**kwargs
):
"""
:param str account_sid: The account sid to which this token is granted access.
:param str auth_token: The secret key used to sign the token. Note, this auth token is not
visible to the user of the token.
:param int nbf: Time in secs from epic before which this token is considered invalid.
:param int ttl: the amount of time in seconds from generation that this token is valid for.
:param kwargs:
:returns: A new CapabilityToken with zero permissions
"""
super(ClientCapabilityToken, self).__init__(
algorithm=self.ALGORITHM,
secret_key=auth_token,
issuer=account_sid,
nbf=nbf,
ttl=ttl,
valid_until=None,
)
self.account_sid = account_sid
self.auth_token = auth_token
self.client_name = None
self.capabilities = {}
if "allow_client_outgoing" in kwargs:
self.allow_client_outgoing(**kwargs["allow_client_outgoing"])
if "allow_client_incoming" in kwargs:
self.allow_client_incoming(**kwargs["allow_client_incoming"])
if "allow_event_stream" in kwargs:
self.allow_event_stream(**kwargs["allow_event_stream"])
def allow_client_outgoing(self, application_sid, **kwargs):
"""
Allow the user of this token to make outgoing connections. Keyword arguments are passed
to the application.
:param str application_sid: Application to contact
"""
scope = ScopeURI("client", "outgoing", {"appSid": application_sid})
if kwargs:
scope.add_param("appParams", urlencode(kwargs, doseq=True))
self.capabilities["outgoing"] = scope
def allow_client_incoming(self, client_name):
"""
Allow the user of this token to accept incoming connections.
:param str client_name: Client name to accept calls from
"""
self.client_name = client_name
self.capabilities["incoming"] = ScopeURI(
"client", "incoming", {"clientName": client_name}
)
def allow_event_stream(self, **kwargs):
"""
Allow the user of this token to access their event stream.
"""
scope = ScopeURI("stream", "subscribe", {"path": "/2010-04-01/Events"})
if kwargs:
scope.add_param("params", urlencode(kwargs, doseq=True))
self.capabilities["events"] = scope
def _generate_payload(self):
if "outgoing" in self.capabilities and self.client_name is not None:
self.capabilities["outgoing"].add_param("clientName", self.client_name)
scope_uris = [
scope_uri.to_payload() for scope_uri in self.capabilities.values()
]
return {"scope": " ".join(scope_uris)}
class ScopeURI(object):
"""A single capability granted to Twilio Client and scoped to a service"""
def __init__(self, service, privilege, params=None):
self.service = service
self.privilege = privilege
self.params = params or {}
def add_param(self, key, value):
self.params[key] = value
def to_payload(self):
if self.params:
sorted_params = sorted([(k, v) for k, v in self.params.items()])
encoded_params = urlencode(sorted_params)
param_string = "?{}".format(encoded_params)
else:
param_string = ""
return "scope:{}:{}{}".format(self.service, self.privilege, param_string)
def __str__(self):
return "<ScopeURI {}>".format(self.to_payload())