The Next Level3 Python integration is designed to be used for your existing applications or sites that are using Python for authentication. This integration will allow you to easily add Account Protection to any application the leverages Python for authentication. 




– Python Application
– Next Level3 Company Account
– Signing Key created for an application in the Next Level3 Company Portal


Account Protection

The following Python code sample can be used to integrate an account protection check into your existing authentication flow for  custom Python applications that are handling authentication within the application or where a third-party identity provider does not have a supported integration:

					import json
import os
import requests
import base64
import logging
from datetime import datetime
import jwt

def getLockStatus(token, api_uri, api_path, validationData):
  responseDict = {}
    headers_dict = {"x-nl3-authorization-token": token, "Content-Type": "application/json"}
    data_dict = {
      "userIP": validationData["ip"],
      "userDevice": validationData["device"],
      "userLocation": validationData["location"],
      "integrationType": "cognito",
      "integrationData": json.loads(validationData["additionalData"])
    response ="".join([api_uri,api_path]), headers=headers_dict, json=data_dict)
    responseDict = response.json()
  except Exception as e:
    responseDict = { "message": str(e) }

  return responseDict

def protectionCheck (userName, validationData):
  claims = {
    "iss": os.environ["APP_URI"],
    "iat": (datetime.utcnow().timestamp() + (-1 * 60)),
    "exp": (datetime.utcnow().timestamp() + (5 * 60)),
    "aud": os.environ["API_URI"],
    "sub": userName
  ### Ildeally the Signing Key would be stored and retrieved from a secrets manager
  ### and not an environmental variable
  decodedDomainToken = base64.b64decode(os.environ["SIGNING_KEY"])
  token = jwt.encode(
  response = getLockStatus(token, os.environ["API_URI"], os.environ["API_PATH"], validationData)
  if response.get("locked", False):
    // Code for prohibiting login and returning generic error message

  // Code for unlocked or unprotected accounts

Scroll to Top