def _verify(self, key, audience): # pylint:disable=too-complex if self.expiry - self.not_before > self.MAX_LIFETIME: raise InvalidGrantError("Grant token lifetime is too long.") try: jwt.decode( self._token, algorithms=["HS256"], audience=audience, key=key, leeway=self.LEEWAY, ) except TypeError as err: raise InvalidClientError("Client is invalid.") from err except jwt.DecodeError as err: raise InvalidGrantError("Invalid grant token signature.") from err except jwt.exceptions.InvalidAlgorithmError as err: raise InvalidGrantError( "Invalid grant token signature algorithm.") from err except jwt.MissingRequiredClaimError as err: if err.claim == "aud": raise errors.MissingJWTGrantTokenClaimError( "aud", "audience") from err raise errors.MissingJWTGrantTokenClaimError(err.claim) from err except jwt.InvalidAudienceError as err: raise errors.InvalidJWTGrantTokenClaimError("aud", "audience") from err except jwt.ImmatureSignatureError as err: raise InvalidGrantError("Grant token is not yet valid.") from err except jwt.ExpiredSignatureError as err: raise InvalidGrantError("Grant token is expired.") from err except jwt.InvalidIssuedAtError as err: raise InvalidGrantError( "Grant token issue time (iat) is in the future.") from err
def _verify(self, key, audience): if self.expiry - self.not_before > self.MAX_LIFETIME: raise InvalidGrantError('Grant token lifetime is too long.') try: jwt.decode(self._token, algorithms=['HS256'], audience=audience, key=key, leeway=self.LEEWAY) except TypeError: raise InvalidClientError('Client is invalid.') except jwt.DecodeError: raise InvalidGrantError('Invalid grant token signature.') except jwt.exceptions.InvalidAlgorithmError: raise InvalidGrantError('Invalid grant token signature algorithm.') except jwt.MissingRequiredClaimError as exc: if exc.claim == 'aud': raise errors.MissingJWTGrantTokenClaimError('aud', 'audience') else: raise errors.MissingJWTGrantTokenClaimError(exc.claim) except jwt.InvalidAudienceError: raise errors.InvalidJWTGrantTokenClaimError('aud', 'audience') except jwt.ImmatureSignatureError: raise InvalidGrantError('Grant token is not yet valid.') except jwt.ExpiredSignatureError: raise InvalidGrantError('Grant token is expired.') except jwt.InvalidIssuedAtError: raise InvalidGrantError( 'Grant token issue time (iat) is in the future.')
def _timestamp_claim(self, key, description): claim = self._claims.get(key, None) if claim is None: raise errors.MissingJWTGrantTokenClaimError(key, description) try: return datetime.datetime.utcfromtimestamp(claim) except (TypeError, ValueError): raise errors.InvalidJWTGrantTokenClaimError(key, description)
def issuer(self): iss = self._claims.get('iss', None) if not iss: raise errors.MissingJWTGrantTokenClaimError('iss', 'issuer') return iss
def subject(self): sub = self._claims.get('sub', None) if not sub: raise errors.MissingJWTGrantTokenClaimError('sub', 'subject') return sub
def issuer(self): iss = self._claims.get("iss", None) if not iss: raise errors.MissingJWTGrantTokenClaimError("iss", "issuer") return iss
def subject(self): sub = self._claims.get("sub", None) if not sub: raise errors.MissingJWTGrantTokenClaimError("sub", "subject") return sub