def _verify(self, key, audience): # pylint:disable=too-complex
if self.expiry - self.not_before > self.MAX_LIFETIME:
raise InvalidGrantError("Grant token lifetime is too long.")
try:
jwt.decode(
self._token,
algorithms=["HS256"],
audience=audience,
key=key,
leeway=self.LEEWAY,
)
except TypeError as err:
raise InvalidClientError("Client is invalid.") from err
except jwt.DecodeError as err:
raise InvalidGrantError("Invalid grant token signature.") from err
except jwt.exceptions.InvalidAlgorithmError as err:
raise InvalidGrantError(
"Invalid grant token signature algorithm.") from err
except jwt.MissingRequiredClaimError as err:
if err.claim == "aud":
raise errors.MissingJWTGrantTokenClaimError(
"aud", "audience") from err
raise errors.MissingJWTGrantTokenClaimError(err.claim) from err
except jwt.InvalidAudienceError as err:
raise errors.InvalidJWTGrantTokenClaimError("aud",
"audience") from err
except jwt.ImmatureSignatureError as err:
raise InvalidGrantError("Grant token is not yet valid.") from err
except jwt.ExpiredSignatureError as err:
raise InvalidGrantError("Grant token is expired.") from err
except jwt.InvalidIssuedAtError as err:
raise InvalidGrantError(
"Grant token issue time (iat) is in the future.") from err
def _verify(self, key, audience):
if self.expiry - self.not_before > self.MAX_LIFETIME:
raise InvalidGrantError('Grant token lifetime is too long.')
try:
jwt.decode(self._token,
algorithms=['HS256'],
audience=audience,
key=key,
leeway=self.LEEWAY)
except TypeError:
raise InvalidClientError('Client is invalid.')
except jwt.DecodeError:
raise InvalidGrantError('Invalid grant token signature.')
except jwt.exceptions.InvalidAlgorithmError:
raise InvalidGrantError('Invalid grant token signature algorithm.')
except jwt.MissingRequiredClaimError as exc:
if exc.claim == 'aud':
raise errors.MissingJWTGrantTokenClaimError('aud', 'audience')
else:
raise errors.MissingJWTGrantTokenClaimError(exc.claim)
except jwt.InvalidAudienceError:
raise errors.InvalidJWTGrantTokenClaimError('aud', 'audience')
except jwt.ImmatureSignatureError:
raise InvalidGrantError('Grant token is not yet valid.')
except jwt.ExpiredSignatureError:
raise InvalidGrantError('Grant token is expired.')
except jwt.InvalidIssuedAtError:
raise InvalidGrantError(
'Grant token issue time (iat) is in the future.')
def _timestamp_claim(self, key, description):
claim = self._claims.get(key, None)
if claim is None:
raise errors.MissingJWTGrantTokenClaimError(key, description)
try:
return datetime.datetime.utcfromtimestamp(claim)
except (TypeError, ValueError):
raise errors.InvalidJWTGrantTokenClaimError(key, description)
def issuer(self):
iss = self._claims.get('iss', None)
if not iss:
raise errors.MissingJWTGrantTokenClaimError('iss', 'issuer')
return iss
def subject(self):
sub = self._claims.get('sub', None)
if not sub:
raise errors.MissingJWTGrantTokenClaimError('sub', 'subject')
return sub
def issuer(self):
iss = self._claims.get("iss", None)
if not iss:
raise errors.MissingJWTGrantTokenClaimError("iss", "issuer")
return iss
def subject(self):
sub = self._claims.get("sub", None)
if not sub:
raise errors.MissingJWTGrantTokenClaimError("sub", "subject")
return sub
