Python jose.jwt.get_unverified_header() Examples
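The following are 4 code examples of jose.jwt.get_unverified_header(). The function returns a token's header without checking its signature, so the `kid` and `alg` values it yields are untrusted until jwt.decode() has verified the token.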
Example #1
Source File: __init__.py From warrant with Apache License 2.0 | 5 votes |
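def verify_token(self, token, id_name, token_use):
    """Verify a JWT's signature and keep the raw token on this object.

    The header and claims are first read *without* verification, only to
    select the signing key (``kid``) and to check the ``token_use`` claim.
    The signature itself is checked by ``jwt.decode``.

    :param token: Encoded JWT to verify.
    :param id_name: Attribute name under which the raw token is stored on
        ``self`` once verification succeeds; also used in error messages.
    :param token_use: Expected value of the ``token_use`` claim.
    :return: The verified claims returned by ``jwt.decode``.
    :raises TokenVerificationException: If ``token_use`` does not match, or
        if ``jwt.decode`` raises ``JWTError``.

    A token whose header or claims cannot be parsed at all makes the two
    ``get_unverified_*`` calls raise before the ``try`` block, so that error
    is not converted to ``TokenVerificationException``.
    """
    # Attacker-controlled until jwt.decode() succeeds: use for lookup only.
    kid = jwt.get_unverified_header(token).get('kid')
    unverified_claims = jwt.get_unverified_claims(token)

    if unverified_claims.get('token_use') != token_use:
        # The original message left the '{}' placeholder unformatted.
        raise TokenVerificationException(
            'Your {} token use could not be verified.'.format(id_name))

    # Verification key for RS256 (a public key, despite the helper's naming
    # in the original code, which called this local ``hmac_key``).
    public_key = self.get_key(kid)
    try:
        # NOTE(review): audience and issuer are read from the token's own
        # unverified claims, so jwt.decode() compares the token with itself
        # and these two checks can never fail. A token signed by the same key
        # for a different client or pool would pass. Pin both expected values
        # from configuration instead of from the token.
        verified = jwt.decode(token, public_key, algorithms=['RS256'],
                              audience=unverified_claims.get('aud'),
                              issuer=unverified_claims.get('iss'))
    except JWTError:
        raise TokenVerificationException(
            'Your {} token could not be verified.'.format(id_name))

    # Only stored after the signature check has passed.
    setattr(self, id_name, token)
    return verified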
Example #2
Source File: identity.py From gigantum-client with MIT License | 4 votes |
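def _get_jwt_public_key(self, id_token: str) -> Optional[Dict[str, str]]:
    """Return the RSA public key (JWK fields) matching the token's ``kid``.

    The JWKS document is read from a local cache file when present and is
    otherwise fetched over HTTPS from the configured identity provider and
    written to that cache file.

    Args:
        id_token(str): The JSON Web Token received from the identity provider

    Returns:
        dict: The ``kty``/``kid``/``use``/``n``/``e`` fields of the matching
        key, or an empty dict when the token carries no ``kid`` or no cached
        key matches it.

    Raises:
        AuthenticationError: If the JWKS document cannot be fetched or the
            token header cannot be parsed.
    """
    key_path = os.path.join(self.config.config['git']['working_directory'], '.labmanager', 'identity')
    # exist_ok avoids the check-then-create race of exists() + makedirs().
    os.makedirs(key_path, exist_ok=True)

    key_file = os.path.join(key_path, "jwks.json")

    # NOTE(review): the cached file is the trust anchor for signature checks
    # and is never refreshed here. Confirm that its directory is writable
    # only by the service account, and that key rotation at the provider is
    # handled elsewhere (for example by refetching when no ``kid`` matches).
    if os.path.exists(key_file):
        with open(key_file, 'rt') as jwk_file:
            jwks = json.load(jwk_file)
    else:
        try:
            url = "https://" + self.config.config['auth']['provider_domain'] + "/.well-known/jwks.json"
            # Bounded wait: without a timeout a stalled provider blocks the
            # authentication path indefinitely. 10 s is a constructed value.
            response = requests.get(url, timeout=10)
        except Exception as err:
            logger.info(type(err))
            logger.info(err)
            raise AuthenticationError(str(err), 401)

        if response.status_code != 200:
            raise AuthenticationError("Failed to load public RSA key to validate Bearer token", 401)

        jwks = response.json()

        # Save for later use
        if os.path.exists(key_path):
            with open(key_file, 'wt') as jwk_file:
                json.dump(jwks, jwk_file)

        logger.info("Fetched RSA key from server and saved to disk")

    # Load header. Its contents are unverified and only select a key.
    try:
        unverified_header = jwt.get_unverified_header(id_token)
    except jwt.JWTError as err:
        raise AuthenticationError(str(err), 401)

    rsa_key: dict = {}
    # A token without ``kid`` previously raised KeyError; treat it as
    # "no matching key" so the caller gets the same empty result.
    kid = unverified_header.get("kid")
    if kid is None:
        return rsa_key

    for key in jwks["keys"]:
        if key.get("kid") == kid:
            rsa_key = {
                "kty": key["kty"],
                "kid": key["kid"],
                "use": key["use"],
                "n": key["n"],
                "e": key["e"]
            }

    return rsa_key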
Example #3
Source File: auth.py From service-map with Mozilla Public License 2.0 | 4 votes |
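def requires_auth(f):
    """Decorate a view so that it runs only with a valid Access Token.

    The wrapped view is called after ``jwt.decode`` has verified the token's
    signature, audience and issuer; the decoded payload is stored on
    ``_request_ctx_stack.top.current_user``. Every failure path ends in
    ``abort(401, ...)``.
    """
    @wraps(f)
    def decorated(*args, **kwargs):
        token = get_token_auth_header()

        # Parse the header before fetching the JWKS, so a malformed token is
        # rejected with 401 without triggering an outbound request. The
        # original let a parse error escape as an unhandled exception.
        try:
            unverified_header = jwt.get_unverified_header(token)
        except jwt.JWTError:
            abort(401, "Authorization header cannot be parsed")

        # NOTE(review): the JWKS is fetched on every request. Caching it
        # with a bounded lifetime would remove the per-request dependency
        # on the identity provider.
        # The timeout (constructed value) keeps a stalled provider from
        # blocking the worker.
        jsonurl = urlopen(
            "https://" + AUTH0_DOMAIN + "/.well-known/jwks.json", timeout=10
        )
        try:
            jwks = json.loads(jsonurl.read())
        finally:
            jsonurl.close()

        # ``kid`` is unverified input: use it only to select a key. A token
        # without ``kid`` falls through to the "unable to find" branch
        # instead of raising KeyError.
        kid = unverified_header.get("kid")
        rsa_key = {}
        if kid is not None:
            for key in jwks["keys"]:
                if key.get("kid") == kid:
                    rsa_key = {
                        "kty": key["kty"],
                        "kid": key["kid"],
                        "use": key["use"],
                        "n": key["n"],
                        "e": key["e"],
                    }

        if not rsa_key:
            abort(401, "Authorization error, unable to find appropriate key")

        try:
            # The ``algorithms`` allow-list, not the token's own ``alg``
            # header, decides which signature schemes are accepted.
            payload = jwt.decode(
                token,
                rsa_key,
                algorithms=ALGORITHMS,
                audience=API_AUDIENCE,
                issuer="https://" + AUTH0_DOMAIN + "/",
            )
        except jwt.ExpiredSignatureError:
            abort(401, "Authorization token is expired")
        except jwt.JWTClaimsError:
            abort(
                401,
                "Authorization claim is incorrect, please check audience and issuer",
            )
        except Exception:
            abort(401, "Authorization header cannot be parsed")

        _request_ctx_stack.top.current_user = payload
        return f(*args, **kwargs)

    return decorated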
Example #4
Source File: server.py From auth0-python-api-samples with MIT License | 4 votes |
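def requires_auth(f):
    """Decorate a view so that it runs only with a valid access token.

    The token's header is read unverified to reject obviously wrong tokens
    and to select the signing key by ``kid``. ``jwt.decode`` then verifies
    signature, audience and issuer. On success the decoded payload is stored
    on ``_request_ctx_stack.top.current_user``; every failure raises
    ``AuthError`` with status 401.
    """
    @wraps(f)
    def decorated(*args, **kwargs):
        token = get_token_auth_header()

        # Parse the header first so a malformed token is rejected before
        # any outbound JWKS request is made.
        try:
            unverified_header = jwt.get_unverified_header(token)
        except jwt.JWTError:
            raise AuthError({"code": "invalid_header",
                            "description":
                                "Invalid header. "
                                "Use an RS256 signed JWT Access Token"}, 401)

        # Early rejection only: a missing ``alg`` used to raise KeyError.
        # This deny-list of one value is not what prevents algorithm
        # confusion; the ``algorithms`` allow-list passed to jwt.decode()
        # below is.
        alg = unverified_header.get("alg")
        if alg is None or alg == "HS256":
            raise AuthError({"code": "invalid_header",
                            "description":
                                "Invalid header. "
                                "Use an RS256 signed JWT Access Token"}, 401)

        # NOTE(review): the JWKS is fetched on every request; consider a
        # cache with a bounded lifetime. The timeout (constructed value)
        # keeps a stalled provider from blocking the worker.
        jsonurl = urlopen("https://"+AUTH0_DOMAIN+"/.well-known/jwks.json",
                          timeout=10)
        try:
            jwks = json.loads(jsonurl.read())
        finally:
            jsonurl.close()

        # ``kid`` is unverified input: use it only to select a key. Without
        # it, fall through to the "Unable to find appropriate key" error.
        kid = unverified_header.get("kid")
        rsa_key = {}
        if kid is not None:
            for key in jwks["keys"]:
                if key.get("kid") == kid:
                    rsa_key = {
                        "kty": key["kty"],
                        "kid": key["kid"],
                        "use": key["use"],
                        "n": key["n"],
                        "e": key["e"]
                    }

        if rsa_key:
            try:
                payload = jwt.decode(
                    token,
                    rsa_key,
                    algorithms=ALGORITHMS,
                    audience=API_IDENTIFIER,
                    issuer="https://"+AUTH0_DOMAIN+"/"
                )
            except jwt.ExpiredSignatureError:
                raise AuthError({"code": "token_expired",
                                "description": "token is expired"}, 401)
            except jwt.JWTClaimsError:
                raise AuthError({"code": "invalid_claims",
                                "description":
                                    "incorrect claims,"
                                    " please check the audience and issuer"}, 401)
            except Exception:
                raise AuthError({"code": "invalid_header",
                                "description":
                                    "Unable to parse authentication"
                                    " token."}, 401)

            _request_ctx_stack.top.current_user = payload
            return f(*args, **kwargs)

        raise AuthError({"code": "invalid_header",
                        "description": "Unable to find appropriate key"}, 401)

    return decorated


# Controllers API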