async def get_subject_by_provider(request: Request, provider_name: str,
token_str: str) -> str:
if provider_name.startswith(
f"cognito-idp.{request.app.state.region}.amazonaws.com/"):
try:
jwks = await get_jwks(
"https://{provider_name}/.well-known/jwks.json")
token = JsonWebToken().decode(token_str, key=jwks)
token.validate_iss()
token.validate_sub()
token.validate_exp(request.scope[NOW_KEY].timestamp(), LEEWAY)
except (httpx.HTTPError, JoseError):
logger.error("failed to validate token", exc_info=True)
raise NotAuthorizedException(
"Invalid login token. Not a valid OpenId Connect identity token."
)
else:
raise NotImplementedError()
async def get_subject_by_provider(request: Request, provider_name: str,
token_str: str) -> str:
m = COGNITO_IDP_ENDPOINT_URL_RE.match(provider_name)
if m is not None:
url_base = (request.app.state.user_pool_emulator_url_base.rstrip("/") +
"/" + m.group("pool_id"))
try:
jwks = await get_jwks(f"{url_base}/.well-known/jwks.json")
token = JsonWebToken().decode(token_str, key=jwks)
token.validate_iss()
token.validate_sub()
token.validate_exp(request.scope[NOW_KEY].timestamp(), LEEWAY)
except (httpx.HTTPError, JoseError):
logger.error("failed to validate token", exc_info=True)
raise NotAuthorizedException(
"Invalid login token. Not a valid OpenId Connect identity token."
)
return token["sub"]
else:
raise NotImplementedError()