From 00e21e4a02cd6718a466f4f26f62fc790c1ada3a Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Fri, 26 Jul 2024 16:57:10 -0500 Subject: Authenticate JWTs using all available keys. --- gn_auth/auth/authentication/oauth2/resource_server.py | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/gn_auth/auth/authentication/oauth2/resource_server.py b/gn_auth/auth/authentication/oauth2/resource_server.py index 6ebaecb..c228a07 100644 --- a/gn_auth/auth/authentication/oauth2/resource_server.py +++ b/gn_auth/auth/authentication/oauth2/resource_server.py @@ -3,8 +3,7 @@ from datetime import datetime, timezone, timedelta from flask import current_app as app -from authlib.jose import KeySet -from authlib.oauth2.rfc7523 import JWTBearerTokenValidator as _JWTBearerTokenValidator +from authlib.jose import jwt, KeySet, JoseError from authlib.oauth2.rfc6750 import BearerTokenValidator as _BearerTokenValidator from authlib.integrations.flask_oauth2 import ResourceProtector @@ -46,7 +45,19 @@ class JWTBearerTokenValidator(_JWTBearerTokenValidator): def authenticate_token(self, token_string: str): self.__refresh_jwks__() - return super().authenticate_token(token_string) + for key in self.public_key.keys: + try: + claims = jwt.decode( + token_string, key, + claims_options=self.claims_options, + claims_cls=self.token_cls, + ) + claims.validate() + return claims + except JoseError as error: + app.logger.debug('Authenticate token failed. %r', error) + + return None require_oauth = ResourceProtector() -- cgit v1.2.3