"""Handle authorisation with auth server.""" from functools import wraps from authlib.jose import jwt from flask import request, jsonify, current_app as app from gn3.oauth2 import jwks from gn3.oauth2.errors import TokenValidationError def require_token(func): """Check for and verify bearer token.""" @wraps(func) def __auth__(*args, **kwargs): try: bearer = request.headers.get("Authorization", "") if bearer.startswith("Bearer"): # validate token and return it _extra, token = [item.strip() for item in bearer.split(" ")] _jwt = jwks.validate_token( token, jwks.fetch_jwks(app.config["AUTH_SERVER_URL"], "auth/public-jwks")) return func(*args, **{**kwargs, "auth_token": {"access_token": token, "jwt": _jwt}}) error_message = "We expected a bearer token but did not get one." except TokenValidationError as _tve: app.logger.debug("Token validation failed.", exc_info=True) error_message = "The token was found to be invalid." return jsonify({ "error": "TokenValidationError", "description": error_message }), 400 return __auth__