Verify JWT Decode

This commit is contained in:
pixeebot[bot] 2024-05-23 16:33:21 +00:00 committed by GitHub
parent b92cebc9ff
commit 3b5a255ec7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 3 additions and 4 deletions

View File

@ -192,8 +192,7 @@ class AuthenticationService:
str(current_app.secret_key),
algorithms=[SPIFF_GENERATED_JWT_ALGORITHM],
audience=SPIFF_GENERATED_JWT_AUDIENCE,
options={"verify_exp": False},
)
options={"verify_exp": True})
else:
algorithm = str(header.get("alg"))
json_key_configs = cls.jwks_public_key_for_key_id(authentication_identifier, key_id)
@ -412,7 +411,7 @@ class AuthenticationService:
def decode_auth_token(auth_token: str) -> dict[str, str | None]:
"""This is only used for debugging."""
try:
payload: dict[str, str | None] = jwt.decode(auth_token, options={"verify_signature": False})
payload: dict[str, str | None] = jwt.decode(auth_token, options={"verify_signature": True})
return payload
except jwt.ExpiredSignatureError as exception:
raise TokenExpiredError(

View File

@ -77,6 +77,6 @@ class TestOpenidBlueprint(BaseTest):
assert "id_token" in response.json
assert "refresh_token" in response.json
decoded_token = jwt.decode(response.json["id_token"], options={"verify_signature": False})
decoded_token = jwt.decode(response.json["id_token"], options={"verify_signature": True})
assert "iss" in decoded_token
assert "email" in decoded_token