本文整理汇总了Python中jose.jwt.JWTError方法的典型用法代码示例。如果您正苦于以下问题:Python jwt.JWTError方法的具体用法?Python jwt.JWTError怎么用?Python jwt.JWTError使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类jose.jwt的用法示例。
在下文中一共展示了jwt.JWTError方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: middleware
# 需要导入模块: from jose import jwt [as 别名]
# 或者: from jose.jwt import JWTError [as 别名]
def middleware(self, request, handler):
token = request.headers.get('Authorization')
if token and token.startswith('Bearer'):
token = token[7:]
else:
token = request.rel_url.query.get('token')
if not token:
token = request.headers.get('token')
request.verified = False
if token:
try:
payload = self.decode(token)
request.verified = True
except jwt.JWTError:
raise web.HTTPUnauthorized()
else:
payload = {}
request.session = payload
return await handler(request) 示例2: get_current_user
# 需要导入模块: from jose import jwt [as 别名]
# 或者: from jose.jwt import JWTError [as 别名]
def get_current_user(
db: Session = Depends(get_db), token: str = Depends(reusable_oauth2)
) -> models.User:
try:
payload = jwt.decode(
token, settings.SECRET_KEY, algorithms=[security.ALGORITHM]
)
token_data = schemas.TokenPayload(**payload)
except (jwt.JWTError, ValidationError):
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Could not validate credentials",
)
user = crud.user.get(db, id=token_data.sub)
if not user:
raise HTTPException(status_code=404, detail="User not found")
return user 示例3: validate_and_return_id_token
# 需要导入模块: from jose import jwt [as 别名]
# 或者: from jose.jwt import JWTError [as 别名]
def validate_and_return_id_token(self, id_token, access_token):
"""
Validates the id_token according to the steps at
http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation.
"""
key = self.find_valid_key(id_token)
if not key:
raise AuthTokenError(self, "Signature verification failed")
alg = key["alg"]
rsa_key = jwk.construct(key)
k = {
"alg": rsa_key._algorithm, # pylint: disable=protected-access
"kty": "oct",
"k": base64.urlsafe_b64encode(rsa_key.prepared_key)
.rstrip(b"=")
.decode("utf-8"),
}
try:
claims = jwt.decode(
id_token,
k,
algorithms=[alg],
audience=self.setting("KEY"),
issuer=self.id_token_issuer(),
options=self.JWT_DECODE_OPTIONS,
)
except ExpiredSignatureError:
raise AuthTokenError(self, "Signature has expired")
except JWTClaimsError as error:
raise AuthTokenError(self, str(error))
except JWTError:
raise AuthTokenError(self, "Invalid signature")
self.validate_claims(claims) 示例4: verify_password_reset_token
# 需要导入模块: from jose import jwt [as 别名]
# 或者: from jose.jwt import JWTError [as 别名]
def verify_password_reset_token(token: str) -> Optional[str]:
try:
decoded_token = jwt.decode(token, settings.SECRET_KEY, algorithms=["HS256"])
return decoded_token["email"]
except jwt.JWTError:
return None 示例5: _get_jwt_public_key
# 需要导入模块: from jose import jwt [as 别名]
# 或者: from jose.jwt import JWTError [as 别名]
def _get_jwt_public_key(self, id_token: str) -> Optional[Dict[str, str]]:
"""Method to get the public key for JWT signing
Args:
id_token(str): The JSON Web Token received from the identity provider
Returns:
dict
"""
key_path = os.path.join(self.config.config['git']['working_directory'], '.labmanager', 'identity')
if not os.path.exists(key_path):
os.makedirs(key_path)
key_file = os.path.join(key_path, "jwks.json")
# Check for local cached key data
if os.path.exists(key_file):
with open(key_file, 'rt') as jwk_file:
jwks = json.load(jwk_file)
else:
try:
url = "https://" + self.config.config['auth']['provider_domain'] + "/.well-known/jwks.json"
response = requests.get(url)
except Exception as err:
logger.info(type(err))
logger.info(err)
raise AuthenticationError(str(err), 401)
if response.status_code != 200:
raise AuthenticationError("Failed to load public RSA key to validate Bearer token", 401)
jwks = response.json()
# Save for later use
if os.path.exists(key_path):
with open(key_file, 'wt') as jwk_file:
json.dump(jwks, jwk_file)
logger.info("Fetched RSA key from server and saved to disk")
# Load header
try:
unverified_header = jwt.get_unverified_header(id_token)
except jwt.JWTError as err:
raise AuthenticationError(str(err), 401)
rsa_key: dict = {}
for key in jwks["keys"]:
if key["kid"] == unverified_header["kid"]:
rsa_key = {
"kty": key["kty"],
"kid": key["kid"],
"use": key["use"],
"n": key["n"],
"e": key["e"]
}
return rsa_key 示例6: requires_auth
# 需要导入模块: from jose import jwt [as 别名]
# 或者: from jose.jwt import JWTError [as 别名]
def requires_auth(f):
"""Determines if the access token is valid
"""
@wraps(f)
def decorated(*args, **kwargs):
token = get_token_auth_header()
jsonurl = urlopen("https://"+AUTH0_DOMAIN+"/.well-known/jwks.json")
jwks = json.loads(jsonurl.read())
try:
unverified_header = jwt.get_unverified_header(token)
except jwt.JWTError:
raise AuthError({"code": "invalid_header",
"description":
"Invalid header. "
"Use an RS256 signed JWT Access Token"}, 401)
if unverified_header["alg"] == "HS256":
raise AuthError({"code": "invalid_header",
"description":
"Invalid header. "
"Use an RS256 signed JWT Access Token"}, 401)
rsa_key = {}
for key in jwks["keys"]:
if key["kid"] == unverified_header["kid"]:
rsa_key = {
"kty": key["kty"],
"kid": key["kid"],
"use": key["use"],
"n": key["n"],
"e": key["e"]
}
if rsa_key:
try:
payload = jwt.decode(
token,
rsa_key,
algorithms=ALGORITHMS,
audience=API_IDENTIFIER,
issuer="https://"+AUTH0_DOMAIN+"/"
)
except jwt.ExpiredSignatureError:
raise AuthError({"code": "token_expired",
"description": "token is expired"}, 401)
except jwt.JWTClaimsError:
raise AuthError({"code": "invalid_claims",
"description":
"incorrect claims,"
" please check the audience and issuer"}, 401)
except Exception:
raise AuthError({"code": "invalid_header",
"description":
"Unable to parse authentication"
" token."}, 401)
_request_ctx_stack.top.current_user = payload
return f(*args, **kwargs)
raise AuthError({"code": "invalid_header",
"description": "Unable to find appropriate key"}, 401)
return decorated
# Controllers API