Python jose.jwt.ExpiredSignatureError() Examples
The following are 3
code examples of jose.jwt.ExpiredSignatureError().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
jose.jwt
, or try the search function
.
Example #1
Source File: backends.py From richie with MIT License | 4 votes |
def validate_and_return_id_token(self, id_token, access_token): """ Validates the id_token according to the steps at http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation. """ key = self.find_valid_key(id_token) if not key: raise AuthTokenError(self, "Signature verification failed") alg = key["alg"] rsa_key = jwk.construct(key) k = { "alg": rsa_key._algorithm, # pylint: disable=protected-access "kty": "oct", "k": base64.urlsafe_b64encode(rsa_key.prepared_key) .rstrip(b"=") .decode("utf-8"), } try: claims = jwt.decode( id_token, k, algorithms=[alg], audience=self.setting("KEY"), issuer=self.id_token_issuer(), options=self.JWT_DECODE_OPTIONS, ) except ExpiredSignatureError: raise AuthTokenError(self, "Signature has expired") except JWTClaimsError as error: raise AuthTokenError(self, str(error)) except JWTError: raise AuthTokenError(self, "Invalid signature") self.validate_claims(claims)
Example #2
Source File: auth.py From service-map with Mozilla Public License 2.0 | 4 votes |
def requires_auth(f): """Determines if the Access Token is valid """ @wraps(f) def decorated(*args, **kwargs): token = get_token_auth_header() jsonurl = urlopen("https://" + AUTH0_DOMAIN + "/.well-known/jwks.json") jwks = json.loads(jsonurl.read()) unverified_header = jwt.get_unverified_header(token) rsa_key = {} for key in jwks["keys"]: if key["kid"] == unverified_header["kid"]: rsa_key = { "kty": key["kty"], "kid": key["kid"], "use": key["use"], "n": key["n"], "e": key["e"], } if rsa_key: try: payload = jwt.decode( token, rsa_key, algorithms=ALGORITHMS, audience=API_AUDIENCE, issuer="https://" + AUTH0_DOMAIN + "/", ) except jwt.ExpiredSignatureError: abort(401, "Authorization token is expired") except jwt.JWTClaimsError: abort( 401, "Authorization claim is incorrect, please check audience and issuer", ) except Exception: abort(401, "Authorization header cannot be parsed") _request_ctx_stack.top.current_user = payload return f(*args, **kwargs) else: abort(401, "Authorization error, unable to find appropriate key") return decorated
Example #3
Source File: server.py From auth0-python-api-samples with MIT License | 4 votes |
def requires_auth(f): """Determines if the access token is valid """ @wraps(f) def decorated(*args, **kwargs): token = get_token_auth_header() jsonurl = urlopen("https://"+AUTH0_DOMAIN+"/.well-known/jwks.json") jwks = json.loads(jsonurl.read()) try: unverified_header = jwt.get_unverified_header(token) except jwt.JWTError: raise AuthError({"code": "invalid_header", "description": "Invalid header. " "Use an RS256 signed JWT Access Token"}, 401) if unverified_header["alg"] == "HS256": raise AuthError({"code": "invalid_header", "description": "Invalid header. " "Use an RS256 signed JWT Access Token"}, 401) rsa_key = {} for key in jwks["keys"]: if key["kid"] == unverified_header["kid"]: rsa_key = { "kty": key["kty"], "kid": key["kid"], "use": key["use"], "n": key["n"], "e": key["e"] } if rsa_key: try: payload = jwt.decode( token, rsa_key, algorithms=ALGORITHMS, audience=API_IDENTIFIER, issuer="https://"+AUTH0_DOMAIN+"/" ) except jwt.ExpiredSignatureError: raise AuthError({"code": "token_expired", "description": "token is expired"}, 401) except jwt.JWTClaimsError: raise AuthError({"code": "invalid_claims", "description": "incorrect claims," " please check the audience and issuer"}, 401) except Exception: raise AuthError({"code": "invalid_header", "description": "Unable to parse authentication" " token."}, 401) _request_ctx_stack.top.current_user = payload return f(*args, **kwargs) raise AuthError({"code": "invalid_header", "description": "Unable to find appropriate key"}, 401) return decorated # Controllers API