def _verify(self, key, audience): if self.expiry - self.not_before > self.MAX_LIFETIME: raise InvalidGrantError('Grant token lifetime is too long.') try: jwt.decode(self._token, algorithms=['HS256'], audience=audience, key=key, leeway=self.LEEWAY) except TypeError: raise InvalidClientError('Client is invalid.') except jwt.DecodeError: raise InvalidGrantError('Invalid grant token signature.') except jwt.exceptions.InvalidAlgorithmError: raise InvalidGrantError('Invalid grant token signature algorithm.') except jwt.MissingRequiredClaimError as exc: if exc.claim == 'aud': raise errors.MissingJWTGrantTokenClaimError('aud', 'audience') else: raise errors.MissingJWTGrantTokenClaimError(exc.claim) except jwt.InvalidAudienceError: raise errors.InvalidJWTGrantTokenClaimError('aud', 'audience') except jwt.ImmatureSignatureError: raise InvalidGrantError('Grant token is not yet valid.') except jwt.ExpiredSignatureError: raise InvalidGrantError('Grant token is expired.') except jwt.InvalidIssuedAtError: raise InvalidGrantError( 'Grant token issue time (iat) is in the future.')
def _verify(self, key, audience): # pylint:disable=too-complex if self.expiry - self.not_before > self.MAX_LIFETIME: raise InvalidGrantError("Grant token lifetime is too long.") try: jwt.decode( self._token, algorithms=["HS256"], audience=audience, key=key, leeway=self.LEEWAY, ) except TypeError as err: raise InvalidClientError("Client is invalid.") from err except jwt.DecodeError as err: raise InvalidGrantError("Invalid grant token signature.") from err except jwt.exceptions.InvalidAlgorithmError as err: raise InvalidGrantError( "Invalid grant token signature algorithm.") from err except jwt.MissingRequiredClaimError as err: if err.claim == "aud": raise MissingJWTGrantTokenClaimError("aud", "audience") from err raise MissingJWTGrantTokenClaimError(err.claim) from err except jwt.InvalidAudienceError as err: raise InvalidJWTGrantTokenClaimError("aud", "audience") from err except jwt.ImmatureSignatureError as err: raise InvalidGrantError("Grant token is not yet valid.") from err except jwt.ExpiredSignatureError as err: raise InvalidGrantError("Grant token is expired.") from err except jwt.InvalidIssuedAtError as err: raise InvalidGrantError( "Grant token issue time (iat) is in the future.") from err
def test_login_controller_invalid_grant(monkeypatch, mocker, flask_app, test_vcr): storage = MemoryStorage({"access_token": "fake-token"}) monkeypatch.setattr(bplogin, "storage", storage) with test_vcr.use_cassette("auth_google_token_revoke_fake.yml"): mocker.patch("flask_dance.consumer.oauth2.redirect", side_effect=InvalidGrantError()) with flask_app.test_client() as client: response = client.get("auth/google/authorized") assert re.search(r"google_login", response.headers["Location"]) is not None assert response.status_code == 302
def get_client(self): # type: () -> HydroShareAdapter """ Passes authentication details to underlying HydroShare object for authorization via OAuth 2.0. """ if self.auth_type == OAUTH_AC: token = self.get_token() auth = HydroShareAuthOAuth2(self.__client_id, self.__client_secret, token=token) elif self.auth_type == OAUTH_ROPC: auth = HydroShareAuthOAuth2(self.__client_id, self.__client_secret, username=self.username, password=self.password) else: raise InvalidGrantError("Invalid authorization grant type.") authorization_header = self.get_authorization_header() return HydroShareAdapter(auth=auth, default_headers=authorization_header)