本文整理匯總了Python中jose.jwt.JWTClaimsError方法的典型用法代碼示例。如果您正苦於以下問題:Python jwt.JWTClaimsError方法的具體用法?Python jwt.JWTClaimsError怎麽用?Python jwt.JWTClaimsError使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類jose.jwt
的用法示例。
在下文中一共展示了jwt.JWTClaimsError方法的3個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: validate_and_return_id_token
# 需要導入模塊: from jose import jwt [as 別名]
# 或者: from jose.jwt import JWTClaimsError [as 別名]
def validate_and_return_id_token(self, id_token, access_token):
"""
Validates the id_token according to the steps at
http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation.
"""
key = self.find_valid_key(id_token)
if not key:
raise AuthTokenError(self, "Signature verification failed")
alg = key["alg"]
rsa_key = jwk.construct(key)
k = {
"alg": rsa_key._algorithm, # pylint: disable=protected-access
"kty": "oct",
"k": base64.urlsafe_b64encode(rsa_key.prepared_key)
.rstrip(b"=")
.decode("utf-8"),
}
try:
claims = jwt.decode(
id_token,
k,
algorithms=[alg],
audience=self.setting("KEY"),
issuer=self.id_token_issuer(),
options=self.JWT_DECODE_OPTIONS,
)
except ExpiredSignatureError:
raise AuthTokenError(self, "Signature has expired")
except JWTClaimsError as error:
raise AuthTokenError(self, str(error))
except JWTError:
raise AuthTokenError(self, "Invalid signature")
self.validate_claims(claims)
示例2: requires_auth
# 需要導入模塊: from jose import jwt [as 別名]
# 或者: from jose.jwt import JWTClaimsError [as 別名]
def requires_auth(f):
"""Determines if the Access Token is valid
"""
@wraps(f)
def decorated(*args, **kwargs):
token = get_token_auth_header()
jsonurl = urlopen("https://" + AUTH0_DOMAIN + "/.well-known/jwks.json")
jwks = json.loads(jsonurl.read())
unverified_header = jwt.get_unverified_header(token)
rsa_key = {}
for key in jwks["keys"]:
if key["kid"] == unverified_header["kid"]:
rsa_key = {
"kty": key["kty"],
"kid": key["kid"],
"use": key["use"],
"n": key["n"],
"e": key["e"],
}
if rsa_key:
try:
payload = jwt.decode(
token,
rsa_key,
algorithms=ALGORITHMS,
audience=API_AUDIENCE,
issuer="https://" + AUTH0_DOMAIN + "/",
)
except jwt.ExpiredSignatureError:
abort(401, "Authorization token is expired")
except jwt.JWTClaimsError:
abort(
401,
"Authorization claim is incorrect, please check audience and issuer",
)
except Exception:
abort(401, "Authorization header cannot be parsed")
_request_ctx_stack.top.current_user = payload
return f(*args, **kwargs)
else:
abort(401, "Authorization error, unable to find appropriate key")
return decorated
示例3: requires_auth
# 需要導入模塊: from jose import jwt [as 別名]
# 或者: from jose.jwt import JWTClaimsError [as 別名]
def requires_auth(f):
"""Determines if the access token is valid
"""
@wraps(f)
def decorated(*args, **kwargs):
token = get_token_auth_header()
jsonurl = urlopen("https://"+AUTH0_DOMAIN+"/.well-known/jwks.json")
jwks = json.loads(jsonurl.read())
try:
unverified_header = jwt.get_unverified_header(token)
except jwt.JWTError:
raise AuthError({"code": "invalid_header",
"description":
"Invalid header. "
"Use an RS256 signed JWT Access Token"}, 401)
if unverified_header["alg"] == "HS256":
raise AuthError({"code": "invalid_header",
"description":
"Invalid header. "
"Use an RS256 signed JWT Access Token"}, 401)
rsa_key = {}
for key in jwks["keys"]:
if key["kid"] == unverified_header["kid"]:
rsa_key = {
"kty": key["kty"],
"kid": key["kid"],
"use": key["use"],
"n": key["n"],
"e": key["e"]
}
if rsa_key:
try:
payload = jwt.decode(
token,
rsa_key,
algorithms=ALGORITHMS,
audience=API_IDENTIFIER,
issuer="https://"+AUTH0_DOMAIN+"/"
)
except jwt.ExpiredSignatureError:
raise AuthError({"code": "token_expired",
"description": "token is expired"}, 401)
except jwt.JWTClaimsError:
raise AuthError({"code": "invalid_claims",
"description":
"incorrect claims,"
" please check the audience and issuer"}, 401)
except Exception:
raise AuthError({"code": "invalid_header",
"description":
"Unable to parse authentication"
" token."}, 401)
_request_ctx_stack.top.current_user = payload
return f(*args, **kwargs)
raise AuthError({"code": "invalid_header",
"description": "Unable to find appropriate key"}, 401)
return decorated
# Controllers API