def test_validate_aud(self):
id_token = jwt.encode({'alg': 'HS256'}, {'aud': 'foo'}, 'k')
claims_options = {
'aud': {
'essential': True,
'value': 'foo'
}
}
claims = jwt.decode(id_token, 'k', claims_options=claims_options)
claims.validate()
claims.options = {
'aud': {'values': ['bar']}
}
self.assertRaises(
errors.InvalidClaimError,
claims.validate
)
id_token = jwt.encode({'alg': 'HS256'}, {'aud': ['foo', 'bar']}, 'k')
claims = jwt.decode(id_token, 'k', claims_options=claims_options)
claims.validate()
# no validate
claims.options = {'aud': {'values': []}}
claims.validate()
def test_validate_exp(self):
id_token = jwt.encode({'alg': 'HS256'}, {'exp': 'invalid'}, 'k')
claims = jwt.decode(id_token, 'k')
self.assertRaises(errors.InvalidClaimError, claims.validate)
id_token = jwt.encode({'alg': 'HS256'}, {'exp': 1234}, 'k')
claims = jwt.decode(id_token, 'k')
self.assertRaises(errors.ExpiredTokenError, claims.validate)
def test_validate_nbf(self):
id_token = jwt.encode({'alg': 'HS256'}, {'nbf': 'invalid'}, 'k')
claims = jwt.decode(id_token, 'k')
self.assertRaises(errors.InvalidClaimError, claims.validate)
id_token = jwt.encode({'alg': 'HS256'}, {'nbf': 1234}, 'k')
claims = jwt.decode(id_token, 'k')
claims.validate()
id_token = jwt.encode({'alg': 'HS256'}, {'nbf': 1234}, 'k')
claims = jwt.decode(id_token, 'k')
self.assertRaises(errors.InvalidTokenError, claims.validate, 123)
def detokenize(token):
"""Decodes the passed JWT token.
Args:
token (str): JWT token
Returns:
Dict: A dictionary of the decoded data.
"""
public_key = getenv('JWT_PUBLIC_KEY')
decoded_token = jwt.decode(token, public_key) if token else None
dt = date_time.time().timestamp()
now = int(round(dt))
if not decoded_token:
raises('No token was provided', 400)
if decoded_token and decoded_token['exp'] < now:
raises(MESSAGES['EXPIRED_TOKEN'], 403)
return decoded_token
def parse_id_token(remote,
id_token,
claims_options,
access_token=None,
nonce=None):
"""Parse UserInfo from id_token."""
def load_key(header, payload):
jwk_set = remote.fetch_jwk_set()
try:
return jwk.loads(jwk_set, header.get('kid'))
except ValueError:
jwk_set = remote.fetch_jwk_set(force=True)
return jwk.loads(jwk_set, header.get('kid'))
claims_params = dict(
nonce=nonce,
client_id=remote.client_id,
)
if access_token:
claims_params['access_token'] = access_token
claims_cls = CodeIDToken
else:
claims_cls = ImplicitIDToken
claims = jwt.decode(
id_token,
key=load_key,
claims_cls=claims_cls,
claims_options=claims_options,
claims_params=claims_params,
)
claims.validate(leeway=120)
return UserInfo(claims)
def verify_id_token(response,
key,
response_type='code',
issuers=None,
client_id=None,
nonce=None,
max_age=None,
now=None):
deprecate('"verify_id_token" is deprecated, use JWT instead.', 0.8)
if 'id_token' not in response:
raise ValueError('Invalid OpenID response')
claims_cls = get_claim_cls_by_response_type(response_type)
claims_request = {
'access_token': response.get('access_token'),
'client_id': client_id,
'nonce': nonce,
'max_age': max_age
}
claims_options = {
'iss': {
'values': issuers,
}
}
claims = jwt.decode(
response['id_token'],
key,
claims_cls,
claims_options=claims_options,
claims_params=claims_request,
)
claims.validate(now=now)
return claims
def test_validate_iat(self):
id_token = jwt.encode({'alg': 'HS256'}, {'iat': 'invalid'}, 'k')
claims = jwt.decode(id_token, 'k')
self.assertRaises(
errors.InvalidClaimError,
claims.validate
)
def test_validate_essential_claims(self):
id_token = jwt.encode({'alg': 'HS256'}, {'iss': 'foo'}, 'k')
claims_options = {'iss': {'essential': True, 'values': ['foo']}}
claims = jwt.decode(id_token, 'k', claims_options=claims_options)
claims.validate()
claims.options = {'sub': {'essential': True}}
self.assertRaises(errors.MissingClaimError, claims.validate)
def decorated(*args, **kwargs):
print(request.headers.get('Authorization')[7:]) #Aqui llega
encoded_token = request.headers.get('Authorization')[7:] #Salta Baerer
try:
payload = jwt.decode(encoded_token, key)
except: #raise RuntimeError('Invalid credentials')
return abort(401) #errors['InvalidCredentials']
return func(*args, **kwargs) #Se ejecuta el endpoint'
def test_use_jws(self):
payload = {'name': 'hi'}
private_key = read_file_path('rsa_private.pem')
pub_key = read_file_path('rsa_public.pem')
data = jwt.encode({'alg': 'RS256'}, payload, private_key)
self.assertEqual(data.count(b'.'), 2)
claims = jwt.decode(data, pub_key)
self.assertEqual(claims['name'], 'hi')
def assert_token(raw, public="public.pem"):
"Read token and validate it"
pk = public_key(public)
t = jwt.decode(raw, pk)
h = t.header
assert h['typ'] == 'JWT'
assert h['alg'].startswith('RS')
size = int(h['alg'][2:])
assert size >= 256
t.validate()
return t
def test_validate_jti(self):
id_token = jwt.encode({'alg': 'HS256'}, {'jti': 'bar'}, 'k')
claims_options = {
'jti': {
'validate': lambda c, o: o == 'foo'
}
}
claims = jwt.decode(id_token, 'k', claims_options=claims_options)
self.assertRaises(
errors.InvalidClaimError,
claims.validate
)
def test_invalid_values(self):
id_token = jwt.encode({'alg': 'HS256'}, {'iss': 'foo'}, 'k')
claims_options = {'iss': {'values': ['bar']}}
claims = jwt.decode(id_token, 'k', claims_options=claims_options)
self.assertRaises(
errors.InvalidClaimError,
claims.validate,
)
claims.options = {'iss': {'value': 'bar'}}
self.assertRaises(
errors.InvalidClaimError,
claims.validate,
)
def post(self, name):
if name:
users.append({'id': len(users) + 1, 'name': name}) #Nuevo usuario
payload = {
#'id': id,
'name': name,
}
encoded_token = jwt.encode(header, payload, key)
return print(encoded_token), print(jwt.decode(encoded_token, key))
else:
abort(404)
def parse_openid(client, response, nonce=None):
jwk_set = _get_google_jwk_set(client)
id_token = response['id_token']
claims_params = dict(nonce=nonce,
client_id=client.client_id,
access_token=response['access_token'])
claims = jwt.decode(
id_token,
key=jwk_set,
claims_cls=CodeIDToken,
claims_options=GOOGLE_CLAIMS_OPTIONS,
claims_params=claims_params,
)
claims.validate(leeway=120)
return UserInfo(claims)
def decode(self, token):
key = self.config['key']
options = {
"iss": {
"essential": True,
"values": [self.config['iss']]
},
"aud": {
"essential": True,
"value": self.config['aud']
},
# "jti": {
# "essential": True,
# "value": self.config['jti']
# }
}
return jwt.decode(token, key, None, options)
def parse_id_token(id_token, key):
deprecate('"parse_id_token" is deprecated, use JWT instead.', 0.8)
claims = jwt.decode(id_token, key)
return claims, claims.header
def test_encode_datetime(self):
now = datetime.datetime.utcnow()
id_token = jwt.encode({'alg': 'HS256'}, {'exp': now}, 'k')
claims = jwt.decode(id_token, 'k')
self.assertIsInstance(claims.exp, int)
