77from auth0 .v3 .exceptions import TokenValidationError
88
99
10- class SignatureVerifier ():
10+ class SignatureVerifier (object ):
1111 DISABLE_JWT_CHECKS = {
1212 "verify_signature" : True ,
1313 "verify_exp" : False ,
@@ -108,7 +108,7 @@ def _fetch_key(self, key_id=None):
108108 return self ._fetcher .get_key (key_id )
109109
110110
111- class JwksFetcher ():
111+ class JwksFetcher (object ):
112112 CACHE_TTL = 600 # 10 min cache lifetime
113113
114114 """Class that fetches and holds a JSON web key set.
@@ -240,21 +240,31 @@ def verify(self, token, nonce=None, max_age=None):
240240 payload = self ._sv .verify_signature (token )
241241
242242 # Verify claims
243- # Issuer
243+ self . _verify_payload ( payload , nonce , max_age )
244244
245- if 'iss' not in payload or not isinstance (payload ['iss' ], str ):
245+ def _verify_payload (self , payload , nonce = None , max_age = None ):
246+ try :
247+ # on Python 2.7, 'str' keys as parsed as 'unicode'
248+ # But 'unicode' was removed on Python 3.7
249+ # noinspection PyUnresolvedReferences
250+ ustr = unicode
251+ except NameError :
252+ ustr = str
253+
254+ # Issuer
255+ if 'iss' not in payload or not isinstance (payload ['iss' ], (str , ustr )):
246256 raise TokenValidationError ('Issuer (iss) claim must be a string present in the ID token' )
247257 if payload ['iss' ] != self .iss :
248258 raise TokenValidationError (
249259 'Issuer (iss) claim mismatch in the ID token; expected "{}", '
250260 'found "{}"' .format (self .iss , payload ['iss' ]))
251261
252262 # Subject
253- if 'sub' not in payload or not isinstance (payload ['sub' ], str ):
263+ if 'sub' not in payload or not isinstance (payload ['sub' ], ( str , ustr ) ):
254264 raise TokenValidationError ('Subject (sub) claim must be a string present in the ID token' )
255265
256266 # Audience
257- if 'aud' not in payload or not (isinstance (payload ['aud' ], str ) or isinstance (payload ['aud' ], list )):
267+ if 'aud' not in payload or not (isinstance (payload ['aud' ], ( str , ustr ) ) or isinstance (payload ['aud' ], list )):
258268 raise TokenValidationError (
259269 'Audience (aud) claim must be a string or array of strings present in the ID token' )
260270
@@ -263,7 +273,7 @@ def verify(self, token, nonce=None, max_age=None):
263273 raise TokenValidationError (
264274 'Audience (aud) claim mismatch in the ID token; expected "{}" but was '
265275 'not one of "{}"' .format (self .aud , payload_audiences ))
266- elif isinstance (payload ['aud' ], str ) and payload ['aud' ] != self .aud :
276+ elif isinstance (payload ['aud' ], ( str , ustr ) ) and payload ['aud' ] != self .aud :
267277 raise TokenValidationError (
268278 'Audience (aud) claim mismatch in the ID token; expected "{}" '
269279 'but found "{}"' .format (self .aud , payload ['aud' ]))
@@ -294,7 +304,7 @@ def verify(self, token, nonce=None, max_age=None):
294304
295305 # Nonce
296306 if nonce :
297- if 'nonce' not in payload or not isinstance (payload ['nonce' ], str ):
307+ if 'nonce' not in payload or not isinstance (payload ['nonce' ], ( str , ustr ) ):
298308 raise TokenValidationError ('Nonce (nonce) claim must be a string present in the ID token' )
299309 if payload ['nonce' ] != nonce :
300310 raise TokenValidationError (
@@ -303,7 +313,7 @@ def verify(self, token, nonce=None, max_age=None):
303313
304314 # Authorized party
305315 if isinstance (payload ['aud' ], list ) and len (payload ['aud' ]) > 1 :
306- if 'azp' not in payload or not isinstance (payload ['azp' ], str ):
316+ if 'azp' not in payload or not isinstance (payload ['azp' ], ( str , ustr ) ):
307317 raise TokenValidationError (
308318 'Authorized Party (azp) claim must be a string present in the ID token when '
309319 'Audience (aud) claim has multiple values' )
0 commit comments