[Python-modules-commits] [python-social-auth] 27/131: Added support for passing kwargs to jwt.decode() when using OpenIdConnectAuth
Wolfgang Borgert
debacle at moszumanska.debian.org
Sat Dec 24 15:16:57 UTC 2016
This is an automated email from the git hooks/post-receive script.
debacle pushed a commit to tag v0.2.20
in repository python-social-auth.
commit 0233d9b21648f330b608e6025a015ec6e773132a
Author: Clinton Blackburn <clinton.blackburn at gmail.com>
Date: Sat Apr 23 17:30:17 2016 -0400
Added support for passing kwargs to jwt.decode() when using OpenIdConnectAuth
---
social/backends/open_id.py | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/social/backends/open_id.py b/social/backends/open_id.py
index 3ab5252..a6c6124 100644
--- a/social/backends/open_id.py
+++ b/social/backends/open_id.py
@@ -325,13 +325,19 @@ class OpenIdConnectAuth(BaseOAuth2):
http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation.
"""
client_id, _client_secret = self.get_key_and_secret()
- decryption_key = self.setting('ID_TOKEN_DECRYPTION_KEY')
+
+ decode_kwargs = {
+ 'algorithms': ['HS256'],
+ 'audience': client_id,
+ 'issuer': self.ID_TOKEN_ISSUER,
+ 'key': self.setting('ID_TOKEN_DECRYPTION_KEY'),
+ }
+ decode_kwargs.update(self.setting('ID_TOKEN_JWT_DECODE_KWARGS', {}))
+
try:
# Decode the JWT and raise an error if the secret is invalid or
# the response has expired.
- id_token = jwt_decode(id_token, decryption_key, audience=client_id,
- issuer=self.ID_TOKEN_ISSUER,
- algorithms=['HS256'])
+ id_token = jwt_decode(id_token, **decode_kwargs)
except InvalidTokenError as err:
raise AuthTokenError(self, err)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-social-auth.git
More information about the Python-modules-commits
mailing list