alexcchan
diff --git a/‎docs/api.rst
Lines changed: 1 addition & 0 deletions b/‎docs/api.rst
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/api/util.rst
Lines changed: 13 additions & 0 deletions b/‎docs/api/util.rst
Lines changed: 13 additions & 0 deletions
diff --git a/‎docs/conf.py
Lines changed: 2 additions & 2 deletions b/‎docs/conf.py
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/index.rst
Lines changed: 1 addition & 9 deletions b/‎docs/index.rst
Lines changed: 1 addition & 9 deletions
diff --git a/‎docs/usage/token-generation.rst
Lines changed: 56 additions & 0 deletions b/‎docs/usage/token-generation.rst
Lines changed: 56 additions & 0 deletions
diff --git a/‎requirements.txt
Lines changed: 1 addition & 0 deletions b/‎requirements.txt
Lines changed: 1 addition & 0 deletions
diff --git a/‎setup.py
Lines changed: 2 additions & 2 deletions b/‎setup.py
Lines changed: 2 additions & 2 deletions
diff --git a/‎tests/test_jwt.py
Lines changed: 78 additions & 0 deletions b/‎tests/test_jwt.py
Lines changed: 78 additions & 0 deletions
diff --git a/‎twilio/__init__.py
Lines changed: 1 addition & 1 deletion b/‎twilio/__init__.py
Lines changed: 1 addition & 1 deletion
diff --git a/‎twilio/contrib/jwt/__init__.py
Lines changed: 72 additions & 0 deletions b/‎twilio/contrib/jwt/__init__.py
Lines changed: 72 additions & 0 deletions
@@ -10,4 +10,5 @@ A complete API reference to the :data:`twilio` module.
    api/rest/index
    api/rest/resources
    api/twiml
+   api/util
 
@@ -0,0 +1,13 @@
+====================
+:mod:`twilio.util`
+====================
+
+.. automodule:: twilio.util
+
+.. autoclass:: twilio.util.RequestValidator
+   :members:
+
+.. autoclass:: twilio.util.TwilioCapability
+   :members: allow_client_incoming, allow_client_outgoing, generate
+
+
@@ -54,9 +54,9 @@
 # built documents.
 #
 # The short X.Y version.
-version = '3.0'
+version = '3.1'
 # The full version, including alpha/beta/rc tags.
-release = '3.0.2'
+release = '3.1.0'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
 
@@ -69,6 +69,7 @@ Small functions useful for validating requests are coming from Twilio
     :maxdepth: 1
 
     usage/validation
+    usage/token-generation
 
 Upgrade Plan
 ==================
@@ -97,12 +98,3 @@ All development occurs over on `Github <https://github.com/twilio/twilio-python>
 Report bugs using the Github `issue tracker <https://github.com/twilio/twilio-python/issues>`_.
 
 If you’ve got questions that aren’t answered by this documentation, ask the `#twilio IRC channel <irc://irc.freenode.net/#twilio>`_
-
-Changelog
-=================
-Current stable version is 3.0.0.
-
-.. toctree::
-   :maxdepth: 1
-
-   changelog
@@ -0,0 +1,56 @@
+.. module:: twilio.util
+
+===========================
+Generate Capability Tokens
+===========================
+
+`Twilio Client <http://www.twilio.com/api/client>`_ allows you to make and recieve connections in the browser. You can place a call to a phone on the PSTN network, all without leaving your browser. See the `Twilio Client Quickstart <http:/www.twilio.com/docs/quickstart/client>`_ to get up and running with Twilio Client.
+
+Capability tokens are used by `Twilio Client <http://www.twilio.com/api/client>`_ to provide connection security and authorization. The `Capability Token documentation <http://www.twilio.con/docs/tokens>`_ explains indepth the purpose and features of these tokens.
+
+:class:`TwilioCapability` is responsible for the creation of these capability tokens. You'll need your Twilio AccountSid and AuthToken.
+
+.. code-block:: python
+
+    from twilio.util import TwilioCapability
+
+    account_sid = "AC123123"
+    auth_token = "secret"
+
+    capability = TwilioCability(account_sid, auth_token)
+
+
+Allow Incoming Connections
+==============================
+
+Before a device running `Twilio Client <http://www.twilio.com/api/client>`_ can recieve incoming connections, the instance must first register a name (such as "Alice" or "Bob"). The :meth:`allow_client_incoming` method adds the client name to the capability token.
+
+.. code-block:: python
+
+    capability.allow_client_incoming("Alice")
+
+
+Allow Outgoing Connections
+==============================
+
+To make an outgoing connection from a `Twilio Client <http://www.twilio.com/api/client>`_ device, you'll need to choose a `Twilio Application <http://www.twilio.com/docs/api/rest/applications>`_ to handle TwiML URLs. A Twilio Application is a collection of URLs responsible for outputing valid TwiML to control phone calls and SMS.
+
+.. code-block:: python
+
+    application_sid = "AP123123" # Twilio Application Sid
+    capability.allow_client_outgoing(application_sid)
+
+Generate a Token
+==================
+
+.. code-block:: python
+
+    token = capability.generate()
+
+By default, this token will expire in one hour. If you'd like to change the token expiration, :meth:`generate` takes an optional :attr:`expires` argument.
+
+.. code-block:: python
+
+    token = capability.generate(expires=600)
+
+This token will now expire in 10 minutes. If you haven't guessed already, :attr:`expires` is expressed in seconds.
@@ -2,3 +2,4 @@ sphinx
 mock
 httplib2
 nose
+pyjwt
@@ -1,13 +1,13 @@
 from setuptools import setup, find_packages
 setup(
     name = "twilio",
-    version = "3.0.2",
+    version = "3.1.0",
     description = "Twilio API client and TwiML generator",
     author = "Twilio",
     author_email = "help@twilio.com",
     url = "http://github.com/twilio/twilio-python/",
     keywords = ["twilio","twiml"],
-    install_requires = ["httplib2"],
+    install_requires = ["httplib2", "pyjwt"],
     packages = find_packages(),
     classifiers = [
         "Programming Language :: Python",
 
@@ -0,0 +1,78 @@
+import jwt
+import unittest
+import urllib
+from twilio.util import TwilioCapability
+
+class TokenTest(unittest.TestCase):
+
+    def assertIn(self, foo, bar, msg=None):
+        """backport for 2.6"""
+        return self.assertTrue(foo in bar, msg=(msg or "%s not found in %s"
+            % (foo, bar)))
+
+    def test_no_permissions(self):
+        token = TwilioCapability("AC123", "XXXXX")
+        payload = token.payload()
+        self.assertEquals(len(payload), 1)
+        self.assertEquals(payload["scope"], '')
+
+    def test_inbound_permissions(self):
+        token = TwilioCapability("AC123", "XXXXX")
+        token.allow_client_incoming("andy")
+        payload = token.payload()
+
+        eurl = "scope:client:incoming?clientName=andy"
+        self.assertEquals(len(payload), 1)
+        self.assertEquals(payload['scope'], eurl)
+
+    def test_outbound_permissions(self)
F438
:
+        token = TwilioCapability("AC123", "XXXXX")
+        token.allow_client_outgoing("AP123")
+        payload = token.payload()
+
+        eurl = "scope:client:outgoing?appSid=AP123"
+
+        self.assertEquals(len(payload), 1)
+        self.assertIn(eurl, payload['scope'])
+
+    def test_outbound_permissions_params(self):
+        token = TwilioCapability("AC123", "XXXXX")
+        token.allow_client_outgoing("AP123", foobar=3)
+        payload = token.payload()
+
+        eurl = "scope:client:outgoing?appSid=AP123&appParams=foobar%3D3"
+        self.assertEquals(payload["scope"], eurl)
+
+    def test_events(self):
+        token = TwilioCapability("AC123", "XXXXX")
+        token.allow_event_stream()
+        payload = token.payload()
+
+        event_uri = "scope:stream:subscribe?path=%2F2010-04-01%2FEvents"
+        self.assertEquals(payload["scope"], event_uri)
+
+    def test_events_with_filters(self):
+        token = TwilioCapability("AC123", "XXXXX")
+        token.allow_event_stream(foobar="hey")
+        payload = token.payload()
+
+        event_uri = "scope:stream:subscribe?path=%2F2010-04-01%2FEvents&params=foobar%3Dhey"
+        self.assertEquals(payload["scope"], event_uri)
+
+
+    def test_decode(self):
+        token = TwilioCapability("AC123", "XXXXX")
+        token.allow_client_outgoing("AP123", foobar=3)
+        token.allow_client_incoming("andy")
+        token.allow_event_stream()
+
+        outgoing_uri = "scope:client:outgoing?appSid=AP123&appParams=foobar%3D3&clientName=andy"
+        incoming_uri = "scope:client:incoming?clientName=andy"
+        event_uri = "scope:stream:subscribe?path=%2F2010-04-01%2FEvents"
+
+        result = jwt.decode(token.generate(), "XXXXX")
+        scope = result["scope"].split(" ")
+
+        self.assertIn(outgoing_uri, scope)
+        self.assertIn(incoming_uri, scope)
+        self.assertIn(event_uri, scope)
@@ -1,4 +1,4 @@
-__version_info__ = ('3', '0', '2')
+__version_info__ = ('3', '1', '0')
 __version__ = '.'.join(__version_info__)
 
 
 
@@ -0,0 +1,72 @@
+""" JSON Web Token implementation
+
+Minimum implementation based on this spec:
+http://self-issued.info/docs/draft-jones-json-web-token-01.html
+"""
+import base64
+import hashlib
+import hmac
+
+try:
+    import json
+except ImportError:
+    import simplejson as json
+    
+__all__ = ['encode', 'decode', 'DecodeError']
+
+class DecodeError(Exception): pass
+
+signing_methods = {
+    'HS256': lambda msg, key: hmac.new(key, msg, hashlib.sha256).digest(),
+    'HS384': lambda msg, key: hmac.new(key, msg, hashlib.sha384).digest(),
+    'HS512': lambda msg, key: hmac.new(key, msg, hashlib.sha512).digest(),
+}
+
+def base64url_decode(input):
+    input += '=' * (4 - (len(input) % 4))
+    return base64.urlsafe_b64decode(input)
+
+def base64url_encode(input):
+    return base64.urlsafe_b64encode(input).replace('=', '')
+
+def header(jwt):
+    header_segment = jwt.split('.', 1)[0]
+    try:
+        return json.loads(base64url_decode(header_segment))
+    except (ValueError, TypeError):
+        raise DecodeError("Invalid header encoding")
+
+def encode(payload, key, algorithm='HS256'):
+    segments = []
+    header = {"typ": "JWT", "alg": algorithm}
+    segments.append(base64url_encode(json.dumps(header)))
+    segments.append(base64url_encode(json.dumps(payload)))
+    signing_input = '.'.join(segments)
+    try:
+        ascii_key = unicode(key).encode('utf8')
+        signature = signing_methods[algorithm](signing_input, ascii_key)
+    except KeyError:
+    segments.append(base64url_encode(signature))
+    return '.'.join(segments)
+
+def decode(jwt, key='', verify=True):
+    try:
+        signing_input, crypto_segment = jwt.rsplit('.', 1)
+        header_segment, payload_segment = signing_input.split('.', 1)
+    except ValueError:
+        raise DecodeError("Not enough segments")
+    try:
+        header = json.loads(base64url_decode(header_segment))
+        payload = json.loads(base64url_decode(payload_segment))
+        signature = base64url_decode(crypto_segment)
+    except (ValueError, TypeError):
+        raise DecodeError("Invalid segment encoding")
+    if verify:
+        try:
+            ascii_key = unicode(key).encode('utf8')
+            if not signature == signing_methods[header['alg']](signing_input, ascii_key):
+                raise DecodeError("Signature verification failed")
+        except KeyError:
+            raise DecodeError("Algorithm not supported")
+    return payload
-Original file line number
+Diff line change
 mock
 httplib2
 nose
 +pyjwt
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-__version_info__ = ('3', '0', '2')`
	`1`	`+__version_info__ = ('3', '1', '0')`
`2`	`2`	`__version__ = '.'.join(__version_info__)`
`3`	`3`
`4`	`4`