Example #1
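def _decode_jwt_from_headers():
    """Pull the encoded JWT out of the configured request header and decode it.

    Accepted header shapes:
        ``<HeaderName>: <JWT>`` when ``config.header_type`` is empty, or
        ``<HeaderName>: <HeaderType> <JWT>`` otherwise.
    The header type is compared with an exact (case-sensitive) match.

    Returns:
        Whatever ``decode_token`` returns for the extracted token.

    Raises:
        NoAuthorizationError: the header is absent or empty.
        InvalidHeaderError: the header value does not have the expected shape.
    """
    header_name = config.header_name
    header_type = config.header_type

    # Verify we have the auth header
    jwt_header = request.headers.get(header_name, None)
    if not jwt_header:
        raise NoAuthorizationError("Missing {} Header".format(header_name))

    # Make sure the header is in a valid format that we are expecting, ie
    # <HeaderName>: <HeaderType(optional)> <JWT>
    # The value is client-supplied, so only its shape is checked here; the
    # error messages echo configuration values, never the header content.
    parts = jwt_header.split()
    if not header_type:
        if len(parts) != 1:
            msg = "Bad {} header. Expected value '<JWT>'".format(header_name)
            raise InvalidHeaderError(msg)
        encoded_token = parts[0]
    else:
        # Length is checked before indexing: a whitespace-only header splits
        # to an empty list, and parts[0] would otherwise raise IndexError
        # instead of the InvalidHeaderError callers handle.
        if len(parts) != 2 or parts[0] != header_type:
            msg = "Bad {} header. Expected value '{} <JWT>'".format(
                header_name, header_type)
            raise InvalidHeaderError(msg)
        encoded_token = parts[1]

    # NOTE(review): presumably decode_token verifies the signature and claims;
    # confirm, since nothing in this function validates the token itself.
    return decode_token(encoded_token)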
Example #2
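def _decode_jwt_from_headers():
    """Extract the JWT from the configured request header and decode it.

    The header must be ``<JWT>`` when no header type is configured, or
    ``<HeaderType> <JWT>`` otherwise (exact, case-sensitive type match).

    Returns:
        The result of ``_decode_jwt`` for the token, called with the secret
        and algorithm obtained from ``_get_secret_key`` and ``get_algorithm``.

    Raises:
        NoAuthorizationError: the header is absent or empty.
        InvalidHeaderError: the header value does not have the expected shape.
    """
    # Verify we have the auth header
    header_name = get_jwt_header_name()
    jwt_header = request.headers.get(header_name, None)
    if not jwt_header:
        raise NoAuthorizationError("Missing {} Header".format(header_name))

    # Make sure the header is valid. The value is client-supplied; only its
    # shape is checked here, and it is never echoed into an error message.
    expected_header = get_jwt_header_type()
    parts = jwt_header.split()
    if not expected_header:
        if len(parts) != 1:
            # The template was previously raised unformatted, leaving a
            # literal "{}" in the message.
            msg = "Bad {} header. Expected '<JWT>'".format(header_name)
            raise InvalidHeaderError(msg)
        token = parts[0]
    else:
        # Check the length before indexing so a whitespace-only header is
        # reported as InvalidHeaderError rather than raising IndexError.
        if len(parts) != 2 or parts[0] != expected_header:
            msg = "Bad {} header. Expected '{} <JWT>'".format(
                header_name, expected_header)
            raise InvalidHeaderError(msg)
        token = parts[1]

    # A single algorithm from configuration is handed to the decoder.
    # NOTE(review): presumably _decode_jwt rejects tokens signed with any
    # other algorithm; confirm against its implementation.
    secret = _get_secret_key()
    algorithm = get_algorithm()
    return _decode_jwt(token, secret, algorithm)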
Example #3
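def _decode_jwt_from_headers() -> Tuple[str, str]:
    """Locate the encoded JWT in the configured request header.

    The header may hold a single value (``<HeaderType> <JWT>`` or ``<JWT>``)
    or, when a header type is configured, a comma-delimited list of
    ``<field> <value>`` pairs from which the one entry whose field equals
    ``config.header_type`` (exact, case-sensitive) is selected.

    Returns:
        ``(encoded_token, None)``. The token is returned still encoded and
        unverified; this function performs no signature or claim checks.
        NOTE(review): the second element is always ``None`` although the
        annotation says ``str``; confirm what callers expect there.

    Raises:
        NoAuthorizationError: the header is absent or empty, or it does not
            contain exactly one entry of the configured type.
        InvalidHeaderError: the selected entry is not ``<type> <JWT>``, or
            (no type configured) the header is not a single token.
    """
    header_name = config.header_name
    header_type = config.header_type

    # Verify we have the auth header
    auth_header = request.headers.get(header_name, "").strip().strip(",")
    if not auth_header:
        raise NoAuthorizationError(f"Missing {header_name} Header")

    # Make sure the header is in a valid format that we are expecting, ie
    # <HeaderName>: <HeaderType(optional)> <JWT>.
    #
    # Also handle the fact that the header can be comma delimited, ie
    # <HeaderName>: <field> <value>, <field> <value>, etc...
    if header_type:
        field_values = split(r",\s*", auth_header)
        # Compare the first word via a slice instead of indexing: an empty or
        # whitespace-only field (for example from ",," in a client-supplied
        # header) splits to [] and s.split()[0] would raise IndexError.
        jwt_headers = [
            s for s in field_values if s.split()[:1] == [header_type]
        ]
        # Exactly one matching entry is required, so a header carrying two
        # entries of the configured type is rejected rather than guessed at.
        if len(jwt_headers) != 1:
            msg = (f"Missing '{header_type}' type in '{header_name}' header. "
                   f"Expected '{header_name}: {header_type} <JWT>'")
            raise NoAuthorizationError(msg)

        parts = jwt_headers[0].split()
        if len(parts) != 2:
            msg = (f"Bad {header_name} header. "
                   f"Expected '{header_name}: {header_type} <JWT>'")
            raise InvalidHeaderError(msg)

        encoded_token = parts[1]
    else:
        parts = auth_header.split()
        if len(parts) != 1:
            msg = f"Bad {header_name} header. Expected '{header_name}: <JWT>'"
            raise InvalidHeaderError(msg)

        encoded_token = parts[0]

    return encoded_token, None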
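def _decode_jwt_from_headers():
    """Locate the encoded JWT in the configured request header.

    With a header type configured, the header may be a comma-delimited list
    of ``<field> <value>`` pairs; the first entry whose field equals
    ``config.header_type`` (exact, case-sensitive) is used. Without a header
    type, the whole header value must be a single token.

    Returns:
        ``(encoded_token, None)``. The token is returned still encoded and
        unverified; no signature or claim checks happen here.

    Raises:
        NoAuthorizationError: the header is absent or empty.
        InvalidHeaderError: the header value does not have the expected shape.
    """
    header_name = config.header_name
    header_type = config.header_type

    # Verify we have the auth header.
    # The lookup must actually be called: the bare bound method
    # `request.headers.get` is always truthy and is not a string, so the
    # missing-header check could never fire and the split below would fail.
    auth_header = request.headers.get(header_name, None)
    if not auth_header:
        raise NoAuthorizationError("Missing {} Header".format(header_name))

    # Make sure the header is in a valid format that we are expecting, ie
    # <HeaderName>: <HeaderType(optional)> <JWT>
    jwt_header = None

    # Check if header is comma delimited, ie
    # <HeaderName>: <field> <value>, <field> <value>, etc...
    if header_type:
        field_values = split(r',\s*', auth_header)
        # Slice instead of indexing: an empty or whitespace-only field in the
        # client-supplied header splits to [] and s.split()[0] would raise
        # IndexError rather than the InvalidHeaderError callers handle.
        jwt_header = [
            s for s in field_values if s.split()[:1] == [header_type]
        ]
        if len(jwt_header) < 1 or len(jwt_header[0].split()) != 2:
            msg = "Bad {} header. Expected value '{} <JWT>'".format(
                header_name,
                header_type
            )
            raise InvalidHeaderError(msg)
        # When several entries carry the configured type, the first one wins.
        jwt_header = jwt_header[0]
    else:
        jwt_header = auth_header

    parts = jwt_header.split()
    if not header_type:
        if len(parts) != 1:
            msg = "Bad {} header. Expected value '<JWT>'".format(header_name)
            raise InvalidHeaderError(msg)
        encoded_token = parts[0]
    else:
        # The two-part shape was already enforced in the branch above.
        encoded_token = parts[1]

    return encoded_token, None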
Example #5
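def _decode_jwt_from_request():
    """Extract the JWT from the ``Authorization`` request header and decode it.

    The header must be ``<JWT>`` when ``get_auth_header()`` returns an empty
    value, or ``<prefix> <JWT>`` otherwise, where the prefix must equal that
    value exactly (case-sensitive).

    Returns:
        The result of ``_decode_jwt`` for the token, called with the secret
        and algorithm obtained from ``_get_secret_key`` and ``get_algorithm``.

    Raises:
        NoAuthHeaderError: the header is absent or empty.
        InvalidHeaderError: the header value does not have the expected shape.
    """
    # Verify we have the auth header
    auth_header = request.headers.get('Authorization', None)
    if not auth_header:
        raise NoAuthHeaderError("Missing Authorization Header")

    # Make sure the header is valid. The value is client-supplied; only its
    # shape is checked here, and it is never echoed into an error message.
    expected_header = get_auth_header()
    parts = auth_header.split()
    if not expected_header:
        if len(parts) != 1:
            msg = "Badly formatted authorization header. Should be '<JWT>'"
            raise InvalidHeaderError(msg)
        token = parts[0]
    else:
        # Check the length before indexing so a whitespace-only header is
        # reported as InvalidHeaderError rather than raising IndexError.
        if len(parts) != 2 or parts[0] != expected_header:
            msg = "Bad authorization header. Expected '{} <JWT>'".format(expected_header)
            raise InvalidHeaderError(msg)
        token = parts[1]

    # A single algorithm from configuration is handed to the decoder.
    # NOTE(review): presumably _decode_jwt rejects tokens signed with any
    # other algorithm; confirm against its implementation.
    secret = _get_secret_key()
    algorithm = get_algorithm()
    return _decode_jwt(token, secret, algorithm)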
Example #6
 def invalid_header():
     """Unconditionally raise ``InvalidHeaderError`` with no message."""
     error = InvalidHeaderError()
     raise error