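def _decode_jwt_from_headers():
    """Pull the JWT out of the configured request header and decode it.

    The header value is supplied by the client and must have the shape
    ``<HeaderType> <JWT>``, or just ``<JWT>`` when ``config.header_type``
    is empty.

    Returns:
        Whatever ``decode_token`` returns for the extracted token.

    Raises:
        NoAuthorizationError: the header is absent or empty.
        InvalidHeaderError: the header value does not have the expected shape.
    """
    header_name = config.header_name
    header_type = config.header_type

    # Verify we have the auth header
    jwt_header = request.headers.get(header_name, None)
    if not jwt_header:
        raise NoAuthorizationError("Missing {} Header".format(header_name))

    # Make sure the header is in a valid format that we are expecting, ie
    # <HeaderName>: <HeaderType(optional)> <JWT>
    parts = jwt_header.split()
    if not header_type:
        if len(parts) != 1:
            msg = "Bad {} header. Expected value '<JWT>'".format(header_name)
            raise InvalidHeaderError(msg)
        encoded_token = parts[0]
    else:
        # Check the length before indexing: a whitespace-only header value is
        # truthy but splits to an empty list, so testing parts[0] first would
        # raise IndexError instead of rejecting the request cleanly.
        if len(parts) != 2 or parts[0] != header_type:
            msg = "Bad {} header. Expected value '{} <JWT>'".format(
                header_name, header_type)
            raise InvalidHeaderError(msg)
        encoded_token = parts[1]

    return decode_token(encoded_token)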
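def _decode_jwt_from_headers():
    """Pull the JWT out of the configured request header and decode it.

    The header value is supplied by the client and must have the shape
    ``<HeaderType> <JWT>``, or just ``<JWT>`` when no header type is
    configured.

    Returns:
        Whatever ``_decode_jwt`` returns for the token, using the secret from
        ``_get_secret_key()`` and the algorithm from ``get_algorithm()``.

    Raises:
        NoAuthorizationError: the header is absent or empty.
        InvalidHeaderError: the header value does not have the expected shape.
    """
    # Verify we have the auth header
    header_name = get_jwt_header_name()
    jwt_header = request.headers.get(header_name, None)
    if not jwt_header:
        raise NoAuthorizationError("Missing {} Header".format(header_name))

    # Make sure the header is valid
    expected_header = get_jwt_header_type()
    parts = jwt_header.split()
    if not expected_header:
        if len(parts) != 1:
            # The placeholder was previously left unformatted, so the error
            # text contained a literal "{}" instead of the header name.
            msg = "Bad {} header. Expected '<JWT>'".format(header_name)
            raise InvalidHeaderError(msg)
        token = parts[0]
    else:
        # Check the length before indexing: a whitespace-only header value is
        # truthy but splits to an empty list, so testing parts[0] first would
        # raise IndexError instead of rejecting the request cleanly.
        if len(parts) != 2 or parts[0] != expected_header:
            msg = "Bad {} header. Expected '{} <JWT>'".format(
                header_name, expected_header)
            raise InvalidHeaderError(msg)
        token = parts[1]

    # The secret and algorithm are taken from server-side helpers and passed
    # in explicitly; nothing from the token is used to choose them here.
    secret = _get_secret_key()
    algorithm = get_algorithm()
    return _decode_jwt(token, secret, algorithm)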
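def _decode_jwt_from_headers() -> Tuple[str, str]:
    """Locate the encoded JWT in the configured request header.

    Despite the name, nothing is decoded or verified here: the raw token
    string is returned as found in the client-supplied header, and the caller
    must validate it before trusting any of its contents.

    Returns:
        ``(encoded_token, None)``; the second element is always ``None`` in
        this function.

    Raises:
        NoAuthorizationError: the header is absent or empty, or it does not
            contain exactly one field starting with ``config.header_type``.
        InvalidHeaderError: the selected field does not have the expected
            number of whitespace-separated parts.
    """
    header_name = config.header_name
    header_type = config.header_type

    # Verify we have the auth header
    auth_header = request.headers.get(header_name, "").strip().strip(",")
    if not auth_header:
        raise NoAuthorizationError(f"Missing {header_name} Header")

    # Make sure the header is in a valid format that we are expecting, ie
    # <HeaderName>: <HeaderType(optional)> <JWT>.
    #
    # Also handle the fact that the header that can be comma delimited, ie
    # <HeaderName>: <field> <value>, <field> <value>, etc...
    if header_type:
        field_values = split(r",\s*", auth_header)
        # Compare on a slice rather than s.split()[0]: consecutive commas in
        # the header produce empty fields, and indexing those would raise
        # IndexError instead of rejecting the request cleanly.
        jwt_headers = [
            s for s in field_values if s.split()[:1] == [header_type]
        ]
        # Exactly one matching field is required, so a header carrying
        # several credentials of the configured type is refused.
        if len(jwt_headers) != 1:
            msg = (f"Missing '{header_type}' type in '{header_name}' header. "
                   f"Expected '{header_name}: {header_type} <JWT>'")
            raise NoAuthorizationError(msg)

        parts = jwt_headers[0].split()
        if len(parts) != 2:
            msg = (f"Bad {header_name} header. "
                   f"Expected '{header_name}: {header_type} <JWT>'")
            raise InvalidHeaderError(msg)

        encoded_token = parts[1]
    else:
        parts = auth_header.split()
        if len(parts) != 1:
            msg = f"Bad {header_name} header. Expected '{header_name}: <JWT>'"
            raise InvalidHeaderError(msg)

        encoded_token = parts[0]

    return encoded_token, None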
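def _decode_jwt_from_headers():
    """Locate the encoded JWT in the configured request header.

    Nothing is decoded or verified here: the raw token string is returned as
    found in the client-supplied header, and the caller must validate it
    before trusting any of its contents.

    Returns:
        ``(encoded_token, None)``; the second element is always ``None`` in
        this function.

    Raises:
        NoAuthorizationError: the header is absent or empty.
        InvalidHeaderError: the header value does not have the expected shape.
    """
    header_name = config.header_name
    header_type = config.header_type

    # Verify we have the auth header. The lookup has to be called: assigning
    # the bare ``request.headers.get`` method is always truthy, so the
    # missing-header check below could never fire.
    auth_header = request.headers.get(header_name, None)
    if not auth_header:
        raise NoAuthorizationError("Missing {} Header".format(header_name))

    # Make sure the header is in a valid format that we are expecting, ie
    # <HeaderName>: <HeaderType(optional)> <JWT>
    if header_type:
        # Check if header is comma delimited, ie
        # <HeaderName>: <field> <value>, <field> <value>, etc...
        field_values = split(r',\s*', auth_header)
        # Compare on a slice rather than s.split()[0]: a trailing or doubled
        # comma produces an empty field, and indexing it would raise
        # IndexError instead of rejecting the request cleanly.
        candidates = [
            s for s in field_values if s.split()[:1] == [header_type]
        ]
        if len(candidates) < 1 or len(candidates[0].split()) != 2:
            msg = "Bad {} header. Expected value '{} <JWT>'".format(
                header_name,
                header_type
            )
            raise InvalidHeaderError(msg)
        # NOTE(review): when several fields carry the configured type, the
        # first one is used and the others are ignored rather than rejected.
        encoded_token = candidates[0].split()[1]
    else:
        parts = auth_header.split()
        if len(parts) != 1:
            msg = "Bad {} header. Expected value '<JWT>'".format(header_name)
            raise InvalidHeaderError(msg)
        encoded_token = parts[0]

    return encoded_token, None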
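def _decode_jwt_from_request():
    """Pull the JWT out of the ``Authorization`` request header and decode it.

    The header value is supplied by the client and must have the shape
    ``<expected_header> <JWT>``, or just ``<JWT>`` when ``get_auth_header()``
    returns an empty value.

    Returns:
        Whatever ``_decode_jwt`` returns for the token, using the secret from
        ``_get_secret_key()`` and the algorithm from ``get_algorithm()``.

    Raises:
        NoAuthHeaderError: the header is absent or empty.
        InvalidHeaderError: the header value does not have the expected shape.
    """
    # Verify we have the auth header
    auth_header = request.headers.get('Authorization', None)
    if not auth_header:
        raise NoAuthHeaderError("Missing Authorization Header")

    # Make sure the header is valid
    expected_header = get_auth_header()
    parts = auth_header.split()
    if not expected_header:
        if len(parts) != 1:
            msg = "Badly formatted authorization header. Should be '<JWT>'"
            raise InvalidHeaderError(msg)
        token = parts[0]
    else:
        # Check the length before indexing: a whitespace-only header value is
        # truthy but splits to an empty list, so testing parts[0] first would
        # raise IndexError instead of rejecting the request cleanly.
        if len(parts) != 2 or parts[0] != expected_header:
            msg = "Bad authorization header. Expected '{} <JWT>'".format(expected_header)
            raise InvalidHeaderError(msg)
        token = parts[1]

    # The secret and algorithm are taken from server-side helpers and passed
    # in explicitly; nothing from the token is used to choose them here.
    secret = _get_secret_key()
    algorithm = get_algorithm()
    return _decode_jwt(token, secret, algorithm)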
def invalid_header():
    """Unconditionally raise an ``InvalidHeaderError`` with no message."""
    error = InvalidHeaderError()
    raise error