author | Frederick Muriuki Muriithi | 2024-07-26 16:57:10 -0500 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2024-07-31 09:30:27 -0500 |
commit | 00e21e4a02cd6718a466f4f26f62fc790c1ada3a (patch) | |
tree | 4155184ceac92431b23073d8fad5ce9ce2696ff9 | |
parent | 8bf4ab2832cabc68aed97ae4f08daac3a2c3fe40 (diff) | |
Authenticate JWTs using all available keys.
-rw-r--r-- | gn_auth/auth/authentication/oauth2/resource_server.py | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/gn_auth/auth/authentication/oauth2/resource_server.py b/gn_auth/auth/authentication/oauth2/resource_server.py
index 6ebaecb..c228a07 100644
--- a/gn_auth/auth/authentication/oauth2/resource_server.py
+++ b/gn_auth/auth/authentication/oauth2/resource_server.py
@@ -3,8 +3,7 @@ from datetime import datetime, timezone, timedelta
 from flask import current_app as app
-from authlib.jose import KeySet
-from authlib.oauth2.rfc7523 import JWTBearerTokenValidator as _JWTBearerTokenValidator
+from authlib.jose import jwt, KeySet, JoseError
 from authlib.oauth2.rfc6750 import BearerTokenValidator as _BearerTokenValidator
 from authlib.integrations.flask_oauth2 import ResourceProtector
@@ -46,7 +45,19 @@ class JWTBearerTokenValidator(_JWTBearerTokenValidator):
 def authenticate_token(self, token_string: str):
 self.__refresh_jwks__()
- return super().authenticate_token(token_string)
+ for key in self.public_key.keys:
+ try:
+ claims = jwt.decode(
+ token_string, key,
+ claims_options=self.claims_options,
+ claims_cls=self.token_cls,
+ )
+ claims.validate()
+ return claims
+ except JoseError as error:
+ app.logger.debug('Authenticate token failed. %r', error)
+
+ return None
 require_oauth = ResourceProtector() |
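Review bot: The first hunk removes the import of `_JWTBearerTokenValidator` from `authlib.oauth2.rfc7523`, but the second hunk's header still shows `class JWTBearerTokenValidator(_JWTBearerTokenValidator):` using that name as its base class. Unless the name is bound somewhere outside the visible hunks, the module would raise NameError at import time and take the resource server's token validation down with it. Keep the line `from authlib.oauth2.rfc7523 import JWTBearerTokenValidator as _JWTBearerTokenValidator` next to the new `from authlib.jose import jwt, KeySet, JoseError`.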
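Review bot: The new loop in `authenticate_token` hands each key to the shared `jwt` object from `authlib.jose`, and nothing in the hunk restricts which signature algorithms that object accepts, so the token's own `alg` header decides how every key in `self.public_key.keys` is used. Trying the keys one by one also appears to bypass the `kid` lookup that decoding against the key set would perform, so any key still in the set, including one kept only for rotation, can authenticate a token. Consider decoding with a validator-local `JsonWebToken([...])` limited to the algorithm the signing side actually uses, and dropping retired keys in `__refresh_jwks__`, whose body lies outside this hunk. A token rejected by every key currently leaves only per-key debug lines; one `app.logger.warning(...)` before `return None` would make repeated failures visible to monitoring.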