Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[SDK-3175] Return token claims in TokenVerifier.verify() #273

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Mar 9, 2022
Merged

[SDK-3175] Return token claims in TokenVerifier.verify() #273

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
a4c9c06
Update token_verifier.py
bisguzar Apr 25, 2021
f742dca
Update token_verifier.py
bisguzar May 28, 2021
5cf6553
Merge branch 'master' into patch-1
evansims Mar 9, 2022
6641d0d
Add test coverage
evansims Mar 9, 2022
d7e4078
Update method documentation for new return type
evansims Mar 9, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions auth0/v3/authentication/token_verifier.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -229,6 +229,9 @@ def verify(self, token, nonce=None, max_age=None, organization=None):
organization (str, optional): The expected organization ID (org_id) claim value. This should be specified
when logging in to an organization.

Returns:
the decoded payload from the token

Raises:
TokenValidationError: when the token cannot be decoded, the token signing algorithm is not the expected one,
the token signature is invalid or the token has a claim missing or with unexpected value.
Expand All @@ -244,6 +247,8 @@ def verify(self, token, nonce=None, max_age=None, organization=None):
# Verify claims
self._verify_payload(payload, nonce, max_age, organization)

return payload

def _verify_payload(self, payload, nonce=None, max_age=None, organization=None):
try:
# on Python 2.7, 'str' keys as parsed as 'unicode'
Expand Down
22 changes: 20 additions & 2 deletions auth0/v3/test/authentication/test_token_verifier.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -390,7 +390,7 @@ def test_passes_when_org_present_and_matches(self):
audience=expectations['audience']
)
tv._clock = MOCKED_CLOCK
tv.verify(token, organization='org_123')
tv.verify(token, organization='org_123')

def test_fails_when_org_specified_but_not_present(self):
token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhdXRoMHxzZGs0NThma3MiLCJhdWQiOiJ0b2tlbnMtdGVzdC0xMjMiLCJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJleHAiOjE1ODc3NjUzNjEsImlhdCI6MTU4NzU5MjU2MX0.wotJnUdD5IfdZMewF_-BnHc0pI56uwzwr5qaSXvSu9w"
Expand All @@ -402,4 +402,22 @@ def test_fails_when_org_specified_but_not_(self):

def test_fails_when_org_specified_but_does_not_match(self):
token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhdXRoMHxzZGs0NThma3MiLCJhdWQiOiJ0b2tlbnMtdGVzdC0xMjMiLCJvcmdfaWQiOiJvcmdfMTIzIiwiaXNzIjoiaHR0cHM6Ly90b2tlbnMtdGVzdC5hdXRoMC5jb20vIiwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjF9.hjSPgJpg0Dn2z0giCdGqVLD5Kmqy_yMYlSkgwKD7ahQ"
self.assert_fails_with_error(token, 'Organization (org_id) claim mismatch in the ID token; expected "org_abc", found "org_123"', signature_verifier=SymmetricSignatureVerifier(HMAC_SHARED_SECRET), organization='org_abc')
self.assert_fails_with_error(token, 'Organization (org_id) claim mismatch in the ID token; expected "org_abc", found "org_123"', signature_verifier=SymmetricSignatureVerifier(HMAC_SHARED_SECRET), organization='org_abc')

def test_verify_returns_payload(self):
token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhdXRoMHxzZGs0NThma3MiLCJhdWQiOiJ0b2tlbnMtdGVzdC0xMjMiLCJvcmdfaWQiOiJvcmdfMTIzIiwiaXNzIjoiaHR0cHM6Ly90b2tlbnMtdGVzdC5hdXRoMC5jb20vIiwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjF9.hjSPgJpg0Dn2z0giCdGqVLD5Kmqy_yMYlSkgwKD7ahQ"
sv = SymmetricSignatureVerifier(HMAC_SHARED_SECRET)
tv = TokenVerifier(
signature_verifier=sv,
issuer=expectations['issuer'],
audience=expectations['audience']
)
tv._clock = MOCKED_CLOCK
response = tv.verify(token)
self.assertIn('sub', response);
self.assertIn('aud', response);
self.assertIn('org_id', response);
self.assertIn('iss', response);
self.assertIn('exp', response);
self.assertIn('iat', response);
self.assertEqual('org_123', response['org_id'])