Python jose.jwt.JWTError() Examples
The following are 6
code examples of jose.jwt.JWTError().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
jose.jwt
, or try the search function
.
.
Example #1
| Source File: deps.py From full-stack-fastapi-postgresql with MIT License | 8 votes |
|
def get_current_user(
db: Session = Depends(get_db), token: str = Depends(reusable_oauth2)
) -> models.User:
try:
payload = jwt.decode(
token, settings.SECRET_KEY, algorithms=[security.ALGORITHM]
)
token_data = schemas.TokenPayload(**payload)
except (jwt.JWTError, ValidationError):
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Could not validate credentials",
)
user = crud.user.get(db, id=token_data.sub)
if not user:
raise HTTPException(status_code=404, detail="User not found")
return user
Example #2
| Source File: jwt.py From dvhb-hybrid with MIT License | 5 votes |
|
def middleware(self, request, handler):
token = request.headers.get('Authorization')
if token and token.startswith('Bearer'):
token = token[7:]
else:
token = request.rel_url.query.get('token')
if not token:
token = request.headers.get('token')
request.verified = False
if token:
try:
payload = self.decode(token)
request.verified = True
except jwt.JWTError:
raise web.HTTPUnauthorized()
else:
payload = {}
request.session = payload
return await handler(request)
Example #3
| Source File: utils.py From full-stack-fastapi-postgresql with MIT License | 5 votes |
|
def verify_password_reset_token(token: str) -> Optional[str]:
try:
decoded_token = jwt.decode(token, settings.SECRET_KEY, algorithms=["HS256"])
return decoded_token["email"]
except jwt.JWTError:
return None
Example #4
| Source File: backends.py From richie with MIT License | 4 votes |
|
def validate_and_return_id_token(self, id_token, access_token):
"""
Validates the id_token according to the steps at
http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation.
"""
key = self.find_valid_key(id_token)
if not key:
raise AuthTokenError(self, "Signature verification failed")
alg = key["alg"]
rsa_key = jwk.construct(key)
k = {
"alg": rsa_key._algorithm, # pylint: disable=protected-access
"kty": "oct",
"k": base64.urlsafe_b64encode(rsa_key.prepared_key)
.rstrip(b"=")
.decode("utf-8"),
}
try:
claims = jwt.decode(
id_token,
k,
algorithms=[alg],
audience=self.setting("KEY"),
issuer=self.id_token_issuer(),
options=self.JWT_DECODE_OPTIONS,
)
except ExpiredSignatureError:
raise AuthTokenError(self, "Signature has expired")
except JWTClaimsError as error:
raise AuthTokenError(self, str(error))
except JWTError:
raise AuthTokenError(self, "Invalid signature")
self.validate_claims(claims)
Example #5
| Source File: identity.py From gigantum-client with MIT License | 4 votes |
|
def _get_jwt_public_key(self, id_token: str) -> Optional[Dict[str, str]]:
"""Method to get the public key for JWT signing
Args:
id_token(str): The JSON Web Token received from the identity provider
Returns:
dict
"""
key_path = os.path.join(self.config.config['git']['working_directory'], '.labmanager', 'identity')
if not os.path.exists(key_path):
os.makedirs(key_path)
key_file = os.path.join(key_path, "jwks.json")
# Check for local cached key data
if os.path.exists(key_file):
with open(key_file, 'rt') as jwk_file:
jwks = json.load(jwk_file)
else:
try:
url = "https://" + self.config.config['auth']['provider_domain'] + "/.well-known/jwks.json"
response = requests.get(url)
except Exception as err:
logger.info(type(err))
logger.info(err)
raise AuthenticationError(str(err), 401)
if response.status_code != 200:
raise AuthenticationError("Failed to load public RSA key to validate Bearer token", 401)
jwks = response.json()
# Save for later use
if os.path.exists(key_path):
with open(key_file, 'wt') as jwk_file:
json.dump(jwks, jwk_file)
logger.info("Fetched RSA key from server and saved to disk")
# Load header
try:
unverified_header = jwt.get_unverified_header(id_token)
except jwt.JWTError as err:
raise AuthenticationError(str(err), 401)
rsa_key: dict = {}
for key in jwks["keys"]:
if key["kid"] == unverified_header["kid"]:
rsa_key = {
"kty": key["kty"],
"kid": key["kid"],
"use": key["use"],
"n": key["n"],
"e": key["e"]
}
return rsa_key
Example #6
| Source File: server.py From auth0-python-api-samples with MIT License | 4 votes |
|
def requires_auth(f):
"""Determines if the access token is valid
"""
@wraps(f)
def decorated(*args, **kwargs):
token = get_token_auth_header()
jsonurl = urlopen("https://"+AUTH0_DOMAIN+"/.well-known/jwks.json")
jwks = json.loads(jsonurl.read())
try:
unverified_header = jwt.get_unverified_header(token)
except jwt.JWTError:
raise AuthError({"code": "invalid_header",
"description":
"Invalid header. "
"Use an RS256 signed JWT Access Token"}, 401)
if unverified_header["alg"] == "HS256":
raise AuthError({"code": "invalid_header",
"description":
"Invalid header. "
"Use an RS256 signed JWT Access Token"}, 401)
rsa_key = {}
for key in jwks["keys"]:
if key["kid"] == unverified_header["kid"]:
rsa_key = {
"kty": key["kty"],
"kid": key["kid"],
"use": key["use"],
"n": key["n"],
"e": key["e"]
}
if rsa_key:
try:
payload = jwt.decode(
token,
rsa_key,
algorithms=ALGORITHMS,
audience=API_IDENTIFIER,
issuer="https://"+AUTH0_DOMAIN+"/"
)
except jwt.ExpiredSignatureError:
raise AuthError({"code": "token_expired",
"description": "token is expired"}, 401)
except jwt.JWTClaimsError:
raise AuthError({"code": "invalid_claims",
"description":
"incorrect claims,"
" please check the audience and issuer"}, 401)
except Exception:
raise AuthError({"code": "invalid_header",
"description":
"Unable to parse authentication"
" token."}, 401)
_request_ctx_stack.top.current_user = payload
return f(*args, **kwargs)
raise AuthError({"code": "invalid_header",
"description": "Unable to find appropriate key"}, 401)
return decorated
# Controllers API
