about summary refs log tree commit diff
path: root/gn_auth/auth/authentication/oauth2/resource_server.py
diff options
context:
space:
mode:
Diffstat (limited to 'gn_auth/auth/authentication/oauth2/resource_server.py')
-rw-r--r--gn_auth/auth/authentication/oauth2/resource_server.py11
1 files changed, 10 insertions, 1 deletions
diff --git a/gn_auth/auth/authentication/oauth2/resource_server.py b/gn_auth/auth/authentication/oauth2/resource_server.py
index 9c885e2..edab02c 100644
--- a/gn_auth/auth/authentication/oauth2/resource_server.py
+++ b/gn_auth/auth/authentication/oauth2/resource_server.py
@@ -1,4 +1,5 @@
 """Protect the resources endpoints"""
+import logging
 from datetime import datetime, timezone, timedelta
 
 from flask import current_app as app
@@ -16,6 +17,9 @@ from gn_auth.auth.authentication.oauth2.models.jwt_bearer_token import (
 from gn_auth.auth.authentication.oauth2.models.oauth2token import (
     token_by_access_token)
 
+logger = logging.getLogger(__name__)
+
+
 class BearerTokenValidator(_BearerTokenValidator):
     """Extends `authlib.oauth2.rfc6750.BearerTokenValidator`"""
     def authenticate_token(self, token_string: str):
@@ -43,6 +47,11 @@ class JWTBearerTokenValidator(_JWTBearerTokenValidator):
         self._last_jwks_update = datetime.now(tz=timezone.utc)
         self._refresh_frequency = timedelta(hours=int(
             extra_attributes.get("jwt_refresh_frequency_hours", 6)))
+        self.claims_options = {
+            'exp': {'essential': False},
+            'client_id': {'essential': True},
+            'grant_type': {'essential': True},
+        }
 
     def __refresh_jwks__(self):
         now = datetime.now(tz=timezone.utc)
@@ -61,7 +70,7 @@ class JWTBearerTokenValidator(_JWTBearerTokenValidator):
                 claims.validate()
                 return claims
             except JoseError as error:
-                app.logger.debug('Authenticate token failed. %r', error)
+                logger.debug('Authenticate token failed. %r', error)
 
         return None