auth.py 文件源码

python

项目:mozilla-django-oidc 作者: mozilla 项目源码 文件源码
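def verify_token(self, token, **kwargs):
        """Validate the token signature and, when enabled, its nonce.

        Args:
            token: The serialized JWS (the ID token) to verify.
            **kwargs: May carry ``nonce``, the value the caller expects to
                find in the token payload.

        Returns:
            True when verification succeeds.

        Raises:
            SuspiciousOperation: If nonce checking is enabled
                (``OIDC_USE_NONCE``, default True) and the expected nonce is
                missing, empty, or different from the token's ``nonce`` claim.

        Anything ``self._verify_jws`` raises propagates unchanged; nothing is
        caught here.

        NOTE(review): only the signature and the nonce are examined in this
        method. Issuer, audience and expiry checks are not visible here, so
        confirm they are enforced elsewhere before the token is trusted.
        """
        nonce = kwargs.get('nonce')

        # RS* algorithms verify against the IdP signing key; every other
        # configured algorithm falls through to the shared client secret.
        # NOTE(review): the verification key is chosen from settings, not from
        # the token. Confirm _verify_jws rejects a token whose header 'alg'
        # differs from OIDC_RP_SIGN_ALGO, otherwise the two can disagree.
        if self.OIDC_RP_SIGN_ALGO.startswith('RS'):
            key = self.OIDC_RP_IDP_SIGN_KEY
        else:
            key = self.OIDC_RP_CLIENT_SECRET

        # Verify the token
        verified_token = self._verify_jws(
            force_bytes(token),
            # Use smart_bytes here since the key string comes from settings.
            smart_bytes(key),
        )
        # The 'verified_token' will always be a byte string since it's
        # the result of base64.urlsafe_b64decode().
        # In Python3.6, the json.loads() function can accept a byte string
        # as it will automagically decode it to a unicode string before
        # deserializing https://bugs.python.org/issue17909
        # Decoding explicitly keeps this working on older interpreters too.
        token_nonce = json.loads(verified_token.decode('utf-8')).get('nonce')

        if import_from_settings('OIDC_USE_NONCE', True):
            # Fail closed: a bare `nonce != token_nonce` passes when both
            # sides are None (no expected nonce supplied and no nonce claim
            # in the token), which would skip the replay check entirely even
            # though nonce checking is switched on.
            if not nonce or nonce != token_nonce:
                msg = 'JWT Nonce verification failed.'
                raise SuspiciousOperation(msg)
        return True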