aboutsummaryrefslogtreecommitdiff
path: root/gn3/oauth2/authorisation.py
blob: 38644553aa3432ed70dbf96378812ecbc427119a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
"""Handle authorisation with auth server."""
from functools import wraps

from authlib.jose import jwt
from flask import request, jsonify, current_app as app

from gn3.oauth2 import jwks
from gn3.oauth2.errors import TokenValidationError

def require_token(func):
    """Check for and verify bearer token."""
    @wraps(func)
    def __auth__(*args, **kwargs):
        try:
            bearer = request.headers.get("Authorization", "")
            if bearer.startswith("Bearer"):
                # validate token and return it
                _extra, token = [item.strip() for item in bearer.split(" ")]
                _jwt = jwks.validate_token(
                    token,
                    jwks.fetch_jwks(app.config["AUTH_SERVER_URL"],
                                    "auth/public-jwks"))
                return func(*args, **{**kwargs, "auth_token": {"access_token": token, "jwt": _jwt}})
            error_message = "We expected a bearer token but did not get one."
        except TokenValidationError as _tve:
            app.logger.debug("Token validation failed.", exc_info=True)
            error_message = "The token was found to be invalid."

        return jsonify({
            "error": "TokenValidationError",
            "description": error_message
        }), 400

    return __auth__