authorFrederick Muriuki Muriithi2024-07-26 16:57:10 -0500
committerFrederick Muriuki Muriithi2024-07-31 09:30:27 -0500
commit00e21e4a02cd6718a466f4f26f62fc790c1ada3a (patch)
tree4155184ceac92431b23073d8fad5ce9ce2696ff9
parent8bf4ab2832cabc68aed97ae4f08daac3a2c3fe40 (diff)
downloadgn-auth-00e21e4a02cd6718a466f4f26f62fc790c1ada3a.tar.gz
Authenticate JWTs using all available keys.
-rw-r--r--gn_auth/auth/authentication/oauth2/resource_server.py17
1 files changed, 14 insertions, 3 deletions
diff --git a/gn_auth/auth/authentication/oauth2/resource_server.py b/gn_auth/auth/authentication/oauth2/resource_server.py
index 6ebaecb..c228a07 100644
--- a/gn_auth/auth/authentication/oauth2/resource_server.py
+++ b/gn_auth/auth/authentication/oauth2/resource_server.py
@@ -3,8 +3,7 @@ from datetime import datetime, timezone, timedelta
from flask import current_app as app
-from authlib.jose import KeySet
-from authlib.oauth2.rfc7523 import JWTBearerTokenValidator as _JWTBearerTokenValidator
+from authlib.jose import jwt, KeySet, JoseError
from authlib.oauth2.rfc6750 import BearerTokenValidator as _BearerTokenValidator
from authlib.integrations.flask_oauth2 import ResourceProtector
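Review bot: The import of `_JWTBearerTokenValidator` from `authlib.oauth2.rfc7523` is dropped in this hunk, yet the header of the next hunk still shows `class JWTBearerTokenValidator(_JWTBearerTokenValidator):` and no visible line changes that class statement. Unless the name is bound somewhere outside these hunks, importing the module would raise `NameError` and the resource server would fail to load. Keeping `from authlib.oauth2.rfc7523 import JWTBearerTokenValidator as _JWTBearerTokenValidator` next to the new `from authlib.jose import jwt, KeySet, JoseError` line avoids that.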
@@ -46,7 +45,19 @@ class JWTBearerTokenValidator(_JWTBearerTokenValidator):
def authenticate_token(self, token_string: str):
self.__refresh_jwks__()
- return super().authenticate_token(token_string)
+ for key in self.public_key.keys:
+ try:
+ claims = jwt.decode(
+ token_string, key,
+ claims_options=self.claims_options,
+ claims_cls=self.token_cls,
+ )
+ claims.validate()
+ return claims
+ except JoseError as error:
+ app.logger.debug('Authenticate token failed. %r', error)
+
+ return None
require_oauth = ResourceProtector()
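Review bot: The new loop in `authenticate_token` decodes with the module-level `jwt` from `authlib.jose`, which as far as I know accepts every registered signature algorithm, so the token header rather than this service decides how each key in `self.public_key.keys` is used. Since the method no longer defers to the parent class, consider a decoder restricted to what the issuer actually signs with, for example `_jwt = JsonWebToken(["<ALG-USED-BY-ISSUER>"])` (with `JsonWebToken` added to the `authlib.jose` import), and call `_jwt.decode(...)` in the loop. Separately, every non-matching key emits the same debug line as a genuine rejection and the final `return None` logs nothing, so a rejected token cannot be distinguished from routine key mismatches in the logs. A single message after the loop, such as `app.logger.info('JWT rejected by all %d keys', len(self.public_key.keys))`, would give monitoring a clear signal. The method body lies fully inside the hunk, but the enclosing class starts outside it.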