Commit cc87afa9 authored by Lukas Burgey's avatar Lukas Burgey

Try to read issuer from JWT access tokens

parent db8b87d0
import logging
import json
import jwt
from urllib.error import HTTPError
from urllib.request import Request, urlopen
......@@ -61,7 +62,19 @@ class OIDCTokenAuthBackend:
enabled=True,
)
# TODO OPTION 3: read 'iss' JWT
# OPTION 3: read 'iss' JWT
access_token = request.META['HTTP_AUTHORIZATION']
try:
data = jwt.decode(access_token)
if 'iss' in data:
return OIDCConfig.objects.get(
issuer_uri=data['iss'],
enabled=True,
)
LOGGER.debug("JWT access token does not contain iss field")
except jwt.exceptions.InvalidTokenError as exception: # base exception for jwt.decode
pass
raise OIDCConfig.DoesNotExist('Unable to determine IdP')
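Review bot: `jwt.decode(access_token)` is called without a key or algorithms on the raw `HTTP_AUTHORIZATION` value, so with the pinned PyJWT 1.7.1 it appears to attempt a signature check it cannot complete, and if the header still carries a `Bearer ` scheme prefix the value is not a JWT at all; either way the failure is swallowed by `pass` and this branch likely never returns a config. If the intent is only to peek at the issuer, make that explicit with `data = jwt.decode(token, verify=False)` after stripping the scheme, and add a comment that `iss` is unverified input which may only select among enabled `OIDCConfig` rows, with the token still validated against that IdP afterwards. Replace the `pass` with `LOGGER.debug("Access token is not a decodable JWT: %s", exception)` so the bound name is used and the fallthrough is traceable. The enclosing method starts and ends outside the hunk, so how the header is parsed earlier is not visible here.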
......
......@@ -9,3 +9,4 @@ django-nose==1.4.6
django_polymorphic==2.1.2
django-rest-polymorphic==0.1.8
mysqlclient==1.4.5
PyJWT==1.7.1