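def verify_jwt(auth_header, secret):
    """Extract the JWT from an Authorization header and verify it.

    The header is expected to have the form "<scheme> <token>" (for
    example "JWT <token>"). The token's signature is checked with
    ``secret`` using HS256 only, and its expiration time is validated
    by ``jwt.decode``.

    Args:
        auth_header: Raw Authorization header value; may be None, empty,
            or the literal string 'null'.
        secret: Shared secret used to verify the HS256 signature.

    Returns:
        A two-element list ``[payload, error]``. On success ``payload``
        is the decoded claims and ``error`` is ''. On failure ``payload``
        is None and ``error`` describes the problem.
    """
    if not auth_header or auth_header == 'null':
        logging.warning("No Authorization header")
        return [None, "Unauthorized access: missing authentication"]

    # The header is attacker-controlled: a value without exactly two
    # whitespace-separated parts must be rejected here instead of
    # raising ValueError on unpacking and surfacing as a server error.
    parts = auth_header.split()
    if len(parts) != 2:
        logging.warning("Malformed Authorization header")
        return [None, "Unauthorized access: malformed authentication"]

    # NOTE(review): the scheme ('JWT') is not checked; confirm whether
    # callers rely on other schemes before enforcing it.
    _scheme, token = parts
    token = bytes(token, 'utf-8')
    try:
        # The algorithm list is pinned so the token header cannot select
        # a different (or no) signature algorithm.
        payload = jwt.decode(token, secret, algorithms=['HS256'], verify=True)
    except jwt.InvalidTokenError as err:
        # InvalidTokenError is the base class of ExpiredSignatureError and
        # DecodeError; catching it also turns other validation failures
        # (e.g. a not-yet-valid token) into an error result.
        return [None, str(err)]
    return [payload, '']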