Python jose.jwt.get_unverified_claims() Examples

The following are 10 code examples of jose.jwt.get_unverified_claims(). This function decodes and returns a token's claims without verifying its signature, so the returned values must not be trusted for authentication or authorization decisions unless the same token is also verified (for example with jwt.decode()). The original project and source file are named above each example.
Example #1
Source File: __init__.py    From warrant with Apache License 2.0 6 votes vote down vote up
def check_token(self, renew=True):
        """
        Compare the access token's ``exp`` claim with the current local time
        and optionally renew the token when it has expired.

        The claims are read with jwt.get_unverified_claims, so the signature
        is NOT checked here: the result is only a hint for when to refresh a
        token this object already holds, not evidence that the token is valid.

        :param renew: bool indicating whether to refresh on expiration
        :return: bool indicating whether access_token has expired
        :raises AttributeError: if no access token is set
        """
        if not self.access_token:
            raise AttributeError('Access Token Required to Check Token')
        current_time = datetime.datetime.now()
        claims = jwt.get_unverified_claims(self.access_token)
        # Both sides are naive local datetimes, so the comparison is consistent.
        expires_at = datetime.datetime.fromtimestamp(claims['exp'])

        expired = current_time > expires_at
        if expired and renew:
            self.renew_access_token()
        return expired
Example #2
Source File: __init__.py    From warrant with Apache License 2.0 5 votes vote down vote up
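def verify_token(self,token,id_name,token_use):
        """
        Check a token's ``token_use`` claim and signature, then store the
        token on this object.

        :param token: encoded JWT to verify
        :param id_name: attribute name the token is stored under on success;
            also used to name the token in error messages
        :param token_use: expected value of the ``token_use`` claim
        :return: the claims returned by jwt.decode
        :raises TokenVerificationException: if ``token_use`` does not match
            or jwt.decode raises JWTError
        """
        # Header and claims are read before any signature check; the header
        # is only used to look up the verification key.
        kid = jwt.get_unverified_header(token).get('kid')
        unverified_claims = jwt.get_unverified_claims(token)
        if unverified_claims.get('token_use') != token_use:
            # The original message left the '{}' placeholder unformatted.
            raise TokenVerificationException(
                'Your {} token use could not be verified.'.format(id_name))
        signing_key = self.get_key(kid)
        try:
            # NOTE(review): audience and issuer are taken from the token's own
            # unverified claims, so these two checks compare the token with
            # itself and cannot reject a token minted for another audience or
            # issuer. They should be the values this client expects from its
            # configuration; only the signature check is effective as written.
            verified = jwt.decode(token,signing_key,algorithms=['RS256'],
                   audience=unverified_claims.get('aud'),
                   issuer=unverified_claims.get('iss'))
        except JWTError:
            raise TokenVerificationException(
                'Your {} token could not be verified.'.format(id_name))
        setattr(self,id_name,token)
        return verified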
Example #3
Source File: __init__.py    From hass-nabucasa with GNU General Public License v3.0 5 votes vote down vote up
def _decode_claims(token):
        """Return the claims of a token without verifying its signature.

        The result comes straight from jwt.get_unverified_claims, so it must
        be treated as untrusted unless the token is verified elsewhere.
        """
        claims = jwt.get_unverified_claims(token)
        return claims
Example #4
Source File: test_jwt.py    From python-jose with MIT License 5 votes vote down vote up
def test_bad_claims(self):
        """A token with only two dot-separated segments must raise JWTError."""
        malformed = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.iOJ5SiNfaNO_pa2J4Umtb3b3zmk5C18-mhTCVNsjnck'
        # The claims segment is missing entirely, so decoding has to fail.
        with pytest.raises(JWTError):
            jwt.get_unverified_claims(malformed)
Example #5
Source File: test_jwt.py    From python-jose with MIT License 5 votes vote down vote up
def test_unverified_claims_string(self):
        """A claims segment that is plain text, not JSON, must raise JWTError."""
        # The middle segment is the base64url encoding of "invalid claim".
        text_claims_token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.aW52YWxpZCBjbGFpbQ.iOJ5SiNfaNO_pa2J4Umtb3b3zmk5C18-mhTCVNsjnck'
        with pytest.raises(JWTError):
            jwt.get_unverified_claims(text_claims_token)
Example #6
Source File: test_jwt.py    From python-jose with MIT License 5 votes vote down vote up
def test_unverified_claims_list(self):
        """A claims segment holding a JSON list, not an object, must raise JWTError."""
        # The middle segment is the base64url encoding of ["invalid", "claims"].
        list_claims_token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.WyJpbnZhbGlkIiwgImNsYWltcyJd.nZvw_Rt1FfUPb5OiVbrSYZGtWSE5c-gdJ6nQnTTBkYo'
        with pytest.raises(JWTError):
            jwt.get_unverified_claims(list_claims_token)
Example #7
Source File: test_jwt.py    From python-jose with MIT License 5 votes vote down vote up
def test_unverified_claims_object(self, claims, key):
        """Claims encoded into a token are returned unchanged without a key."""
        encoded = jwt.encode(claims, key)
        # No key is passed back in: the claims are decoded, not verified.
        decoded = jwt.get_unverified_claims(encoded)
        assert decoded == claims
Example #8
Source File: idp.py    From sso-dashboard with Mozilla Public License 2.0 5 votes vote down vote up
def requires_scope(self, required_scope):
        """Determines if the required scope is present in the Access Token

        The scope is read with jwt.get_unverified_claims, which does not check
        the token's signature. This method is therefore only meaningful when
        the same token has already been verified.
        NOTE(review): no verification is visible in this method; confirm that
        callers validate the token before relying on the result.

        Args:
            required_scope (str): The scope required to access the resource
        Returns:
            bool: True if the space-separated ``scope`` claim contains
            required_scope, otherwise False
        """
        token = self.get_token_auth_header()
        claims = jwt.get_unverified_claims(token)
        if not claims.get("scope"):
            return False
        granted_scopes = claims["scope"].split()
        return required_scope in granted_scopes
Example #9
Source File: server.py    From auth0-python-api-samples with MIT License 5 votes vote down vote up
def requires_scope(required_scope):
    """Determines if the required scope is present in the access token

    The claims come from jwt.get_unverified_claims, so the signature is not
    checked here and the scope value is only trustworthy if the token has
    been verified before this function is called.
    NOTE(review): that verification is not visible in this function; confirm
    it happens on every path that reaches this check.

    Args:
        required_scope (str): The scope required to access the resource
    Returns:
        bool: True if required_scope is one of the space-separated entries
        of the ``scope`` claim, otherwise False
    """
    token = get_token_auth_header()
    unverified_claims = jwt.get_unverified_claims(token)
    scope_claim = unverified_claims.get("scope")
    if scope_claim:
        return any(
            token_scope == required_scope
            for token_scope in unverified_claims["scope"].split()
        )
    return False
Example #10
Source File: decode-verify-jwt.py    From aws-support-tools with Apache License 2.0 4 votes vote down vote up
def lambda_handler(event, context):
    """Verify the JWT in ``event['token']`` and return its claims.

    The signature is checked against the public key whose ``kid`` matches the
    token header, then expiration and audience are checked. ``keys`` and
    ``app_client_id`` are module-level names defined outside this function.

    Returns the claims dict on success, or False when the key is not found,
    the signature is invalid, the token is expired or the audience differs.
    """
    token = event['token']
    # The header is read before verification, only to select the key.
    kid = jwt.get_unverified_headers(token)['kid']
    # Look for the downloaded public key with the same kid.
    matching_key = None
    for candidate in keys:
        if kid == candidate['kid']:
            matching_key = candidate
            break
    if matching_key is None:
        print('Public key not found in jwks.json')
        return False
    # The key is built from the key set entry, not from the token header.
    public_key = jwk.construct(matching_key)
    # Split off the signature: everything before the last dot is the signed
    # message (header and payload), the rest is the base64url signature.
    message, encoded_signature = str(token).rsplit('.', 1)
    decoded_signature = base64url_decode(encoded_signature.encode('utf-8'))
    signature_ok = public_key.verify(message.encode("utf8"), decoded_signature)
    if not signature_ok:
        print('Signature verification failed')
        return False
    print('Signature successfully verified')
    # get_unverified_claims is acceptable only because the signature over
    # this exact token string was checked just above.
    claims = jwt.get_unverified_claims(token)
    # NOTE(review): the iss and token_use claims are not checked in this
    # function; confirm whether that is intended for this deployment.
    # Reject tokens whose expiration time has passed.
    if time.time() > claims['exp']:
        print('Token is expired')
        return False
    # Check the audience (use claims['client_id'] if verifying an access token).
    if claims['aud'] != app_client_id:
        print('Token was not issued for this audience')
        return False
    # All checks passed; the claims can be used.
    print(claims)
    return claims
        
# the following is useful to make this script executable in both
# AWS Lambda and any other local environments