本文整理汇总了Python中jose.jwt.ExpiredSignatureError方法的典型用法代码示例。如果您正苦于以下问题:Python jwt.ExpiredSignatureError方法的具体用法?Python jwt.ExpiredSignatureError怎么用?Python jwt.ExpiredSignatureError使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类jose.jwt的用法示例。
在下文中一共展示了jwt.ExpiredSignatureError方法的3个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: validate_and_return_id_token
# 需要导入模块: from jose import jwt [as 别名]
# 或者: from jose.jwt import ExpiredSignatureError [as 别名]
def validate_and_return_id_token(self, id_token, access_token):
"""
Validates the id_token according to the steps at
http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation.
"""
key = self.find_valid_key(id_token)
if not key:
raise AuthTokenError(self, "Signature verification failed")
alg = key["alg"]
rsa_key = jwk.construct(key)
k = {
"alg": rsa_key._algorithm, # pylint: disable=protected-access
"kty": "oct",
"k": base64.urlsafe_b64encode(rsa_key.prepared_key)
.rstrip(b"=")
.decode("utf-8"),
}
try:
claims = jwt.decode(
id_token,
k,
algorithms=[alg],
audience=self.setting("KEY"),
issuer=self.id_token_issuer(),
options=self.JWT_DECODE_OPTIONS,
)
except ExpiredSignatureError:
raise AuthTokenError(self, "Signature has expired")
except JWTClaimsError as error:
raise AuthTokenError(self, str(error))
except JWTError:
raise AuthTokenError(self, "Invalid signature")
self.validate_claims(claims) 示例2: requires_auth
# 需要导入模块: from jose import jwt [as 别名]
# 或者: from jose.jwt import ExpiredSignatureError [as 别名]
def requires_auth(f):
"""Determines if the Access Token is valid
"""
@wraps(f)
def decorated(*args, **kwargs):
token = get_token_auth_header()
jsonurl = urlopen("https://" + AUTH0_DOMAIN + "/.well-known/jwks.json")
jwks = json.loads(jsonurl.read())
unverified_header = jwt.get_unverified_header(token)
rsa_key = {}
for key in jwks["keys"]:
if key["kid"] == unverified_header["kid"]:
rsa_key = {
"kty": key["kty"],
"kid": key["kid"],
"use": key["use"],
"n": key["n"],
"e": key["e"],
}
if rsa_key:
try:
payload = jwt.decode(
token,
rsa_key,
algorithms=ALGORITHMS,
audience=API_AUDIENCE,
issuer="https://" + AUTH0_DOMAIN + "/",
)
except jwt.ExpiredSignatureError:
abort(401, "Authorization token is expired")
except jwt.JWTClaimsError:
abort(
401,
"Authorization claim is incorrect, please check audience and issuer",
)
except Exception:
abort(401, "Authorization header cannot be parsed")
_request_ctx_stack.top.current_user = payload
return f(*args, **kwargs)
else:
abort(401, "Authorization error, unable to find appropriate key")
return decorated 示例3: requires_auth
# 需要导入模块: from jose import jwt [as 别名]
# 或者: from jose.jwt import ExpiredSignatureError [as 别名]
def requires_auth(f):
"""Determines if the access token is valid
"""
@wraps(f)
def decorated(*args, **kwargs):
token = get_token_auth_header()
jsonurl = urlopen("https://"+AUTH0_DOMAIN+"/.well-known/jwks.json")
jwks = json.loads(jsonurl.read())
try:
unverified_header = jwt.get_unverified_header(token)
except jwt.JWTError:
raise AuthError({"code": "invalid_header",
"description":
"Invalid header. "
"Use an RS256 signed JWT Access Token"}, 401)
if unverified_header["alg"] == "HS256":
raise AuthError({"code": "invalid_header",
"description":
"Invalid header. "
"Use an RS256 signed JWT Access Token"}, 401)
rsa_key = {}
for key in jwks["keys"]:
if key["kid"] == unverified_header["kid"]:
rsa_key = {
"kty": key["kty"],
"kid": key["kid"],
"use": key["use"],
"n": key["n"],
"e": key["e"]
}
if rsa_key:
try:
payload = jwt.decode(
token,
rsa_key,
algorithms=ALGORITHMS,
audience=API_IDENTIFIER,
issuer="https://"+AUTH0_DOMAIN+"/"
)
except jwt.ExpiredSignatureError:
raise AuthError({"code": "token_expired",
"description": "token is expired"}, 401)
except jwt.JWTClaimsError:
raise AuthError({"code": "invalid_claims",
"description":
"incorrect claims,"
" please check the audience and issuer"}, 401)
except Exception:
raise AuthError({"code": "invalid_header",
"description":
"Unable to parse authentication"
" token."}, 401)
_request_ctx_stack.top.current_user = payload
return f(*args, **kwargs)
raise AuthError({"code": "invalid_header",
"description": "Unable to find appropriate key"}, 401)
return decorated
# Controllers API