add audience claim data to jwt

Matthieu Lamalle 2020-01-24 15:07:30 +01:00
parent d78d581c65
commit ae6dfb2644
2 changed files with 10 additions and 3 deletions


@ -11,6 +11,7 @@ URI = 'http://localhost'
PORT = 8080
JWT_SECRET = 'MY_SUPER_SECRET'
JWT_TOKEN_EXPIRE = 3600
JWT_TOKEN_AUDIENCE = "Risotto"
import os
from pathlib import PurePosixPath
@ -38,6 +39,7 @@ def get_config():
'jwt': {
'secret': JWT_SECRET,
'token_expire': JWT_TOKEN_EXPIRE,
'issuer': URI}
'issuer': URI,
'audience': JWT_TOKEN_AUDIENCE}
}
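Review bot: `JWT_TOKEN_AUDIENCE = "Risotto"` is a fixed module constant, so every deployment that keeps the defaults issues and accepts tokens with the same `aud`; the audience check then separates this application from others but not one instance from another. It sits beside `JWT_SECRET = 'MY_SUPER_SECRET'`, which has the same property, and no override mechanism is visible in this hunk. If these values are meant as placeholders, a comment such as `# default only: override per deployment; must be identical on the issuing and verifying side` above the new constant would make that explicit. The new line also uses double quotes where the neighbouring constants use single quotes.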


@ -186,10 +186,12 @@ def gen_token(auth):
secret = get_config()['jwt']['secret']
expire = get_config()['jwt']['token_expire']
issuer = get_config()['jwt']['issuer']
audience = get_config()['jwt']['audience']
payload = {
'user': auth.login,
'exp': datetime.datetime.utcnow() + datetime.timedelta(seconds=expire),
'iss': issuer
'iss': issuer,
'aud': audience
}
token = jwt.encode(payload, secret, algorithm='HS256')
@ -214,12 +216,15 @@ def access_token(request):
def verify_token(token):
secret = get_config()['jwt']['secret']
issuer = get_config()['jwt']['issuer']
audience = get_config()['jwt']['audience']
try:
decoded = jwt.decode(token, secret, issuer=issuer, algorithms=['HS256'])
decoded = jwt.decode(token, secret, issuer=issuer, audience=audience, algorithms=['HS256'])
except jwt.ExpiredSignatureError:
raise HTTPUnauthorized(reason='Token Expired')
except jwt.InvalidIssuerError:
raise HTTPUnauthorized(reason='Token could not be verified')
except jwt.InvalidAudienceError:
raise HTTPUnauthorized(reason='Token audience not match')
return decoded
tiramisu = None
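Review bot: A token with no `aud` claim at all, which includes every token issued before this change, is not covered by the new `except jwt.InvalidAudienceError` branch in verify_token. When `audience=` is passed, PyJWT raises `jwt.MissingRequiredClaimError` for a missing claim, and that class derives from `jwt.InvalidTokenError`, not from `InvalidAudienceError`. A bad signature or a malformed token is likewise not matched by any of the three handlers, so unless a caller outside this hunk catches them these cases surface as an unhandled exception instead of a 401. A final catch-all after the specific handlers would close this: `except jwt.InvalidTokenError:` followed by `raise HTTPUnauthorized(reason='Token could not be verified')`. The reason string `'Token audience not match'` would also read better as `'Token audience does not match'`.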