def validate_claims(self, id_token, params):
    """Decode ``id_token`` as an implicit-flow ID token and validate its claims.

    Args:
        id_token: The serialized ID token to check.
        params: Passed to the decoder as ``claims_params``.

    Raises:
        Whatever ``decode`` or ``validate`` raise; nothing is caught here.
    """
    # The decoder is built with an explicit algorithm list, so only HS256 is
    # accepted regardless of what the token header announces.
    decoder = JWT(['HS256'])
    # NOTE(review): 'secret' is a hard-coded shared key; presumably a test
    # fixture - confirm it never reaches a deployed configuration.
    id_claims = decoder.decode(
        id_token,
        'secret',
        claims_cls=ImplicitIDToken,
        claims_params=params,
    )
    id_claims.validate()
def validate_claims(self, id_token, params):
    """Decode ``id_token`` as a hybrid-flow ID token and validate its claims.

    Args:
        id_token: The serialized ID token to check.
        params: Passed to the decoder as ``claims_params``.

    Raises:
        Whatever ``decode`` or ``validate`` raise; nothing is caught here.
    """
    # NOTE(review): JWT() is constructed without an algorithm allow-list, so
    # the accepted signing algorithms are whatever the library permits by
    # default. Consider passing the single algorithm the issuer is configured
    # to use - confirm which one that is before pinning.
    decoder = JWT()
    # NOTE(review): 'secret' is a hard-coded shared key; presumably a test
    # fixture - confirm it never reaches a deployed configuration.
    id_claims = decoder.decode(
        id_token,
        'secret',
        claims_cls=HybridIDToken,
        claims_params=params,
    )
    id_claims.validate()
def test_authorize_token(self):
    """Run the authorization-code flow and check the ID token it returns.

    Posts to ``/oauth/authorize``, exchanges the returned code at
    ``/oauth/token`` with HTTP Basic client credentials, then decodes and
    validates the ``id_token`` from the token response.
    """
    self.prepare_data()

    # Step 1: authorization request; the code comes back in the redirect.
    authorize_form = {
        'response_type': 'code',
        'client_id': 'code-client',
        'state': 'bar',
        'scope': 'openid profile',
        'redirect_uri': 'https://a.b',
        'user_id': '1'
    }
    rv = self.client.post('/oauth/authorize', data=authorize_form)
    self.assertIn('code=', rv.location)

    redirect_query = urlparse.urlparse(rv.location).query
    params = dict(url_decode(redirect_query))
    # The state value must round-trip unchanged through the redirect.
    self.assertEqual(params['state'], 'bar')
    code = params['code']

    # Step 2: exchange the code for tokens as the authenticated client.
    headers = self.create_basic_header('code-client', 'code-secret')
    token_form = {
        'grant_type': 'authorization_code',
        'redirect_uri': 'https://a.b',
        'code': code,
    }
    rv = self.client.post('/oauth/token', data=token_form, headers=headers)
    resp = json.loads(rv.data)
    self.assertIn('access_token', resp)
    self.assertIn('id_token', resp)

    # Step 3: verify the ID token. Only the issuer value is pinned through
    # claims_options; no claims_params are passed to the decoder here.
    # NOTE(review): JWT() carries no algorithm allow-list and 'secret' is a
    # hard-coded key - acceptable for a fixture, confirm it stays test-only.
    decoder = JWT()
    id_claims = decoder.decode(
        resp['id_token'],
        'secret',
        claims_cls=CodeIDToken,
        claims_options={'iss': {'value': 'Authlib'}}
    )
    id_claims.validate()
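def validate_token(response):
    """Verify the ``id_token`` in ``response`` and return its validated claims.

    The signing keys are fetched from ``https://id.twitch.tv/oauth2/keys``,
    the token is decoded against them as a ``CodeIDToken``, and the claims
    are validated.

    Args:
        response: Mapping that holds the token response; ``id_token`` is read
            from it.

    Returns:
        The validated claims, or ``None`` when claim validation fails. The
        previous version discarded both validation errors and the result, so
        a rejected token was indistinguishable from an accepted one. Callers
        must treat ``None`` as "token rejected".

    Raises:
        Whatever the key fetch or ``decode`` raise; only
        ``InvalidClaimError`` and ``InvalidTokenError`` from ``validate()``
        are handled here.
    """
    import logging

    id_token = response.get('id_token')
    # Bound the key fetch so a stalled connection cannot hang the caller.
    keys = requests.get('https://id.twitch.tv/oauth2/keys', timeout=10).json()
    # NOTE(review): JWT() carries no algorithm allow-list; consider pinning
    # it to the algorithm the provider documents for ID tokens.
    jwt = JWT()
    # NOTE(review): no claims_options or claims_params are supplied, so as
    # far as this call shows no expected issuer, audience or nonce is pinned.
    # Confirm whether those are checked elsewhere.
    claims = jwt.decode(id_token, keys, claims_cls=CodeIDToken)
    try:
        claims.validate()
    except (errors.InvalidClaimError, errors.InvalidTokenError) as exc:
        # Fail closed: record the rejection and hand back no claims instead
        # of silently continuing as if the token had been accepted.
        logging.getLogger(__name__).warning(
            'id_token failed claim validation: %s', exc
        )
        return None
    return claims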
def parse_openid(client, response, nonce=None):
    """Verify the ID token in ``response`` and wrap its claims in ``UserInfo``.

    Args:
        client: OAuth client; its ``client_id`` is passed to claim validation
            and it is handed to ``_get_google_jwk_set`` to obtain the keys.
        response: Token response; ``id_token`` and ``access_token`` are read
            from it.
        nonce: Value passed to claim validation as ``nonce``.

    Returns:
        ``UserInfo`` built from the validated claims.

    Raises:
        KeyError: If ``response`` lacks ``id_token`` or ``access_token``.
        Whatever ``decode`` or ``validate`` raise; nothing is caught here.
    """
    signing_keys = _get_google_jwk_set(client)
    raw_token = response['id_token']
    # NOTE(review): nonce defaults to None; presumably the nonce binding is
    # not enforced in that case - confirm callers always pass the value they
    # sent in the authorization request.
    validation_params = {
        'nonce': nonce,
        'client_id': client.client_id,
        'access_token': response['access_token'],
    }
    # NOTE(review): JWT() carries no algorithm allow-list; consider pinning
    # it to the algorithm the provider documents for ID tokens.
    decoder = JWT()
    id_claims = decoder.decode(
        raw_token,
        key=signing_keys,
        claims_cls=CodeIDToken,
        claims_options=GOOGLE_CLAIMS_OPTIONS,
        claims_params=validation_params,
    )
    # Tolerate up to 120 seconds of clock skew on the time-based claims.
    id_claims.validate(leeway=120)
    return UserInfo(id_claims)