def test_validate_aud(self): id_token = jwt.encode({'alg': 'HS256'}, {'aud': 'foo'}, 'k') claims_options = { 'aud': { 'essential': True, 'value': 'foo' } } claims = jwt.decode(id_token, 'k', claims_options=claims_options) claims.validate() claims.options = { 'aud': {'values': ['bar']} } self.assertRaises( errors.InvalidClaimError, claims.validate ) id_token = jwt.encode({'alg': 'HS256'}, {'aud': ['foo', 'bar']}, 'k') claims = jwt.decode(id_token, 'k', claims_options=claims_options) claims.validate() # no validate claims.options = {'aud': {'values': []}} claims.validate()
def test_validate_exp(self): id_token = jwt.encode({'alg': 'HS256'}, {'exp': 'invalid'}, 'k') claims = jwt.decode(id_token, 'k') self.assertRaises(errors.InvalidClaimError, claims.validate) id_token = jwt.encode({'alg': 'HS256'}, {'exp': 1234}, 'k') claims = jwt.decode(id_token, 'k') self.assertRaises(errors.ExpiredTokenError, claims.validate)
def test_validate_nbf(self): id_token = jwt.encode({'alg': 'HS256'}, {'nbf': 'invalid'}, 'k') claims = jwt.decode(id_token, 'k') self.assertRaises(errors.InvalidClaimError, claims.validate) id_token = jwt.encode({'alg': 'HS256'}, {'nbf': 1234}, 'k') claims = jwt.decode(id_token, 'k') claims.validate() id_token = jwt.encode({'alg': 'HS256'}, {'nbf': 1234}, 'k') claims = jwt.decode(id_token, 'k') self.assertRaises(errors.InvalidTokenError, claims.validate, 123)
def detokenize(token): """Decodes the passed JWT token. Args: token (str): JWT token Returns: Dict: A dictionary of the decoded data. """ public_key = getenv('JWT_PUBLIC_KEY') decoded_token = jwt.decode(token, public_key) if token else None dt = date_time.time().timestamp() now = int(round(dt)) if not decoded_token: raises('No token was provided', 400) if decoded_token and decoded_token['exp'] < now: raises(MESSAGES['EXPIRED_TOKEN'], 403) return decoded_token
def parse_id_token(remote, id_token, claims_options, access_token=None, nonce=None): """Parse UserInfo from id_token.""" def load_key(header, payload): jwk_set = remote.fetch_jwk_set() try: return jwk.loads(jwk_set, header.get('kid')) except ValueError: jwk_set = remote.fetch_jwk_set(force=True) return jwk.loads(jwk_set, header.get('kid')) claims_params = dict( nonce=nonce, client_id=remote.client_id, ) if access_token: claims_params['access_token'] = access_token claims_cls = CodeIDToken else: claims_cls = ImplicitIDToken claims = jwt.decode( id_token, key=load_key, claims_cls=claims_cls, claims_options=claims_options, claims_params=claims_params, ) claims.validate(leeway=120) return UserInfo(claims)
def verify_id_token(response, key, response_type='code', issuers=None, client_id=None, nonce=None, max_age=None, now=None): deprecate('"verify_id_token" is deprecated, use JWT instead.', 0.8) if 'id_token' not in response: raise ValueError('Invalid OpenID response') claims_cls = get_claim_cls_by_response_type(response_type) claims_request = { 'access_token': response.get('access_token'), 'client_id': client_id, 'nonce': nonce, 'max_age': max_age } claims_options = { 'iss': { 'values': issuers, } } claims = jwt.decode( response['id_token'], key, claims_cls, claims_options=claims_options, claims_params=claims_request, ) claims.validate(now=now) return claims
def test_validate_iat(self): id_token = jwt.encode({'alg': 'HS256'}, {'iat': 'invalid'}, 'k') claims = jwt.decode(id_token, 'k') self.assertRaises( errors.InvalidClaimError, claims.validate )
def test_validate_essential_claims(self): id_token = jwt.encode({'alg': 'HS256'}, {'iss': 'foo'}, 'k') claims_options = {'iss': {'essential': True, 'values': ['foo']}} claims = jwt.decode(id_token, 'k', claims_options=claims_options) claims.validate() claims.options = {'sub': {'essential': True}} self.assertRaises(errors.MissingClaimError, claims.validate)
def decorated(*args, **kwargs): print(request.headers.get('Authorization')[7:]) #Aqui llega encoded_token = request.headers.get('Authorization')[7:] #Salta Baerer try: payload = jwt.decode(encoded_token, key) except: #raise RuntimeError('Invalid credentials') return abort(401) #errors['InvalidCredentials'] return func(*args, **kwargs) #Se ejecuta el endpoint'
def test_use_jws(self): payload = {'name': 'hi'} private_key = read_file_path('rsa_private.pem') pub_key = read_file_path('rsa_public.pem') data = jwt.encode({'alg': 'RS256'}, payload, private_key) self.assertEqual(data.count(b'.'), 2) claims = jwt.decode(data, pub_key) self.assertEqual(claims['name'], 'hi')
def assert_token(raw, public="public.pem"): "Read token and validate it" pk = public_key(public) t = jwt.decode(raw, pk) h = t.header assert h['typ'] == 'JWT' assert h['alg'].startswith('RS') size = int(h['alg'][2:]) assert size >= 256 t.validate() return t
def test_validate_jti(self): id_token = jwt.encode({'alg': 'HS256'}, {'jti': 'bar'}, 'k') claims_options = { 'jti': { 'validate': lambda c, o: o == 'foo' } } claims = jwt.decode(id_token, 'k', claims_options=claims_options) self.assertRaises( errors.InvalidClaimError, claims.validate )
def test_invalid_values(self): id_token = jwt.encode({'alg': 'HS256'}, {'iss': 'foo'}, 'k') claims_options = {'iss': {'values': ['bar']}} claims = jwt.decode(id_token, 'k', claims_options=claims_options) self.assertRaises( errors.InvalidClaimError, claims.validate, ) claims.options = {'iss': {'value': 'bar'}} self.assertRaises( errors.InvalidClaimError, claims.validate, )
def post(self, name): if name: users.append({'id': len(users) + 1, 'name': name}) #Nuevo usuario payload = { #'id': id, 'name': name, } encoded_token = jwt.encode(header, payload, key) return print(encoded_token), print(jwt.decode(encoded_token, key)) else: abort(404)
def parse_openid(client, response, nonce=None): jwk_set = _get_google_jwk_set(client) id_token = response['id_token'] claims_params = dict(nonce=nonce, client_id=client.client_id, access_token=response['access_token']) claims = jwt.decode( id_token, key=jwk_set, claims_cls=CodeIDToken, claims_options=GOOGLE_CLAIMS_OPTIONS, claims_params=claims_params, ) claims.validate(leeway=120) return UserInfo(claims)
def decode(self, token): key = self.config['key'] options = { "iss": { "essential": True, "values": [self.config['iss']] }, "aud": { "essential": True, "value": self.config['aud'] }, # "jti": { # "essential": True, # "value": self.config['jti'] # } } return jwt.decode(token, key, None, options)
def parse_id_token(id_token, key): deprecate('"parse_id_token" is deprecated, use JWT instead.', 0.8) claims = jwt.decode(id_token, key) return claims, claims.header
def test_encode_datetime(self): now = datetime.datetime.utcnow() id_token = jwt.encode({'alg': 'HS256'}, {'exp': now}, 'k') claims = jwt.decode(id_token, 'k') self.assertIsInstance(claims.exp, int)