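async def get_subject_by_provider(request: Request, provider_name: str, token_str: str) -> str:
    """Return the ``sub`` claim of an OpenID Connect token issued by *provider_name*.

    Only Cognito user-pool providers of the app's configured region
    (``cognito-idp.<region>.amazonaws.com/...``) are handled; any other
    provider raises ``NotImplementedError``.

    Args:
        request: the incoming request; ``request.app.state.region`` selects the
            accepted Cognito host and ``request.scope[NOW_KEY]`` supplies the
            clock used for the expiry check.
        provider_name: provider identifier, expected to be the Cognito issuer
            host followed by the user-pool path.
        token_str: the compact JWT to verify.

    Returns:
        The ``sub`` claim of the validated token.

    Raises:
        NotAuthorizedException: if the JWKS cannot be fetched
            (``httpx.HTTPError``) or the token fails decoding / ``iss`` /
            ``sub`` / ``exp`` validation (``JoseError``).
        NotImplementedError: for providers other than Cognito.
    """
    if provider_name.startswith(f"cognito-idp.{request.app.state.region}.amazonaws.com/"):
        # NOTE(review): only the prefix of provider_name is checked here; the
        # remainder is interpolated into the JWKS URL as-is — confirm it is
        # validated upstream.
        try:
            # The URL must be an f-string: without the prefix the literal text
            # "{provider_name}" was requested instead of the provider host.
            jwks = await get_jwks(f"https://{provider_name}/.well-known/jwks.json")
            token = JsonWebToken().decode(token_str, key=jwks)
            token.validate_iss()
            token.validate_sub()
            # LEEWAY tolerates clock skew between the issuer and this service.
            token.validate_exp(request.scope[NOW_KEY].timestamp(), LEEWAY)
        except (httpx.HTTPError, JoseError):
            logger.error("failed to validate token", exc_info=True)
            raise NotAuthorizedException(
                "Invalid login token. Not a valid OpenId Connect identity token."
            )
        # The declared str result was previously never returned (implicit None).
        return token["sub"]
    else:
        raise NotImplementedError()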
async def get_subject_by_provider(request: Request, provider_name: str, token_str: str) -> str:
    """Verify an OpenID Connect token for *provider_name* and return its ``sub`` claim.

    Supported providers are Cognito user-pool endpoints matched by
    ``COGNITO_IDP_ENDPOINT_URL_RE``; their JWKS is fetched from the app's
    user-pool emulator (``request.app.state.user_pool_emulator_url_base``)
    under the matched ``pool_id``. Any other provider raises
    ``NotImplementedError``.

    Args:
        request: the incoming request; supplies the emulator base URL via
            ``request.app.state`` and the current time via
            ``request.scope[NOW_KEY]``.
        provider_name: provider identifier to match against the Cognito
            endpoint pattern.
        token_str: the compact JWT to verify.

    Returns:
        The ``sub`` claim of the validated token.

    Raises:
        NotAuthorizedException: when the JWKS fetch fails (``httpx.HTTPError``)
            or the token fails decoding / ``iss`` / ``sub`` / ``exp`` checks
            (``JoseError``).
        NotImplementedError: for any provider not matching the Cognito pattern.
    """
    endpoint = COGNITO_IDP_ENDPOINT_URL_RE.match(provider_name)
    if endpoint is None:
        raise NotImplementedError()

    emulator_base = request.app.state.user_pool_emulator_url_base.rstrip("/")
    pool_id = endpoint.group("pool_id")
    jwks_url = f"{emulator_base}/{pool_id}/.well-known/jwks.json"
    # NOTE(review): only iss/sub/exp are validated here; no audience check is
    # visible in this block — confirm it is enforced elsewhere.
    try:
        key_set = await get_jwks(jwks_url)
        claims = JsonWebToken().decode(token_str, key=key_set)
        claims.validate_iss()
        claims.validate_sub()
        # LEEWAY tolerates clock skew between the issuer and this service.
        claims.validate_exp(request.scope[NOW_KEY].timestamp(), LEEWAY)
    except (httpx.HTTPError, JoseError):
        logger.error("failed to validate token", exc_info=True)
        raise NotAuthorizedException(
            "Invalid login token. Not a valid OpenId Connect identity token."
        )
    else:
        return claims["sub"]