def deser_id_token(inst, str=""): if not str: return None jso = json.loads(jwt.unpack(str)[1]) # gather all the necessary keys # my own first collection = inst.keystore.get_verify_key() if "iss" in jso: for key, val in inst.keystore.collect_keys(jso["iss"]).items(): try: collection[key].extend(val) except KeyError: collection[key] = val if "aud" in jso: for key, val in inst.keystore.collect_keys(jso["aud"]).items(): try: collection[key].extend(val) except KeyError: collection[key] = val jwt.verify(str, collection) return IdToken().from_dict(jso)
def test_hmac_512(): payload = "Please take a moment to register today" keycol = {"hmac": "My hollow echo"} _jwt = jwt.sign(payload, keycol, "HS512") info = jwt.verify(_jwt, keycol) assert info == payload
def from_jwt(self, txt, key, verify=True): """ Given a signed JWT, verify its correctness and then create a class instance from the content. :param txt: The JWT :param key: keys that might be used to verify the signature of the JWT :param verify: Whether the signature should be verified or not :return: A class instance """ try: jso = jwt.unpack(txt)[1] if isinstance(jso, basestring): jso = json.loads(jso) if verify: if key is None: key = {} try: _keys = key['.'] except KeyError: _keys = {} for ent in ["iss", "aud", "client_id"]: _keys = gather_keys(_keys, key, jso, ent) if "iss" not in jso and "aud" not in jso: for owner, _spec in key.items(): if owner == ".": continue for typ, keys in _spec.items(): try: _keys[typ].extend(keys) except KeyError: _keys[typ] = keys jwt.verify(txt, _keys) except Exception: raise return self.from_dict(jso)
def unpack_aggregated_claims(self, userinfo): if userinfo._claim_sources: for csrc, spec in userinfo._claim_sources.items(): if "JWT" in spec: if not csrc in self.keystore: self.provider_config(csrc, endpoints=False) keycol = self.keystore.pairkeys(csrc)["ver"] info = json.loads(jwt.verify(str(spec["JWT"]), keycol)) attr = [n for n, s in userinfo._claim_names.items() if s == csrc] assert attr == info.keys() for key, vals in info.items(): userinfo[key] = vals return userinfo