Skip to content

Commit

Permalink
feat: make jwt options configurable
Browse files Browse the repository at this point in the history
  • Loading branch information
lchen-2101 committed Sep 21, 2023
1 parent 4742b53 commit 891112e
Show file tree
Hide file tree
Showing 3 changed files with 28 additions and 7 deletions.
3 changes: 2 additions & 1 deletion src/.env.local
Original file line number Diff line number Diff line change
Expand Up @@ -13,4 +13,5 @@ INST_DB_USER=fi
INST_DB_PWD=fi
INST_DB_HOST=localhost:5432
INST_DB_SCHEMA=public
INST_CONN=postgresql+asyncpg://${INST_DB_USER}:${INST_DB_PWD}@${INST_DB_HOST}/${INST_DB_NAME}
INST_CONN=postgresql+asyncpg://${INST_DB_USER}:${INST_DB_PWD}@${INST_DB_HOST}/${INST_DB_NAME}
JWT_OPTS=verify_at_hash:False,verify_aud:False,verify_iss:False
3 changes: 2 additions & 1 deletion src/.env.template
Original file line number Diff line number Diff line change
Expand Up @@ -13,4 +13,5 @@ INST_DB_USER=
INST_DB_PWD=
INST_DB_HOST=
INST_DB_SCHEMA=
INST_CONN=postgresql+asyncpg://${INST_DB_USER}:${INST_DB_PWD}@${INST_DB_HOST}/${INST_DB_NAME}
INST_CONN=postgresql+asyncpg://${INST_DB_USER}:${INST_DB_PWD}@${INST_DB_HOST}/${INST_DB_NAME}
JWT_OPTS=
29 changes: 24 additions & 5 deletions src/oauth2/oauth2_admin.py
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
import ast
from http import HTTPStatus
import logging
import os
Expand All @@ -12,6 +13,28 @@
log = logging.getLogger(__name__)


def get_jwt_opts(opts_string: str) -> Dict[str, bool | int]:
"""
Parses out the opts_string into JWT options dictionary.
Args:
opts_string (str): comma separated key value pairs in the form of "key1:value1,key2:value2", valid options can be found here:

Check failure on line 21 in src/oauth2/oauth2_admin.py

View workflow job for this annotation

GitHub Actions / ruff

Ruff (E501)

src/oauth2/oauth2_admin.py:21:121: E501 Line too long (133 > 120 characters)
https://github.com/mpdavis/python-jose/blob/4b0701b46a8d00988afcc5168c2b3a1fd60d15d8/jose/jwt.py#L81
Returns:
dict: dictionary of options supported by jwt, mentioned in link above
"""
jwt_opts = {}
pairs = opts_string.split(",")
for pair in pairs:
[key, value] = pair.split(":", 1)
jwt_opts[key] = ast.literal_eval(value)
return jwt_opts


JWT_OPTS = get_jwt_opts(os.getenv("JWT_OPTS", ""))


class OAuth2Admin:
def __init__(self) -> None:
self._keys = None
Expand All @@ -30,11 +53,7 @@ def get_claims(self, token: str) -> Dict[str, str] | None:
key=self._get_keys(),
issuer=os.getenv("KC_REALM_URL"),
audience=os.getenv("AUTH_CLIENT"),
options={
"verify_at_hash": False,
"verify_aud": False,
"verify_iss": False,
},
options=JWT_OPTS,
)
except jose.ExpiredSignatureError:
pass
Expand Down

0 comments on commit 891112e

Please sign in to comment.