def verify_token()

in source/token-authorizer/chalice/app.py [0:0]

• 17 lines of code
• 6 McCabe index (conditional complexity)

def verify_token(token, use='access'):
    """
    This function is responsible for verifying
    a JWT ID token contents
    """
    # get the verified claims
    verified_claims = verify_token_sig(token)
    if verified_claims:
        # verify the token expiration
        if time.time() > verified_claims.get('exp', 0):
            print('token is expired')
            return False
        # verify the app client id
        if verified_claims.get('aud', '') != WAITING_ROOM_EVENT_ID:
            print('token was not issued for this event')
            return False
        # verify the user pool uri
        if verified_claims.get('iss', '') != ISSUER:
            print('token from the wrong issuer')
            return False
        # verify the token use
        if verified_claims.get("token_use", "") != use:
            print(f'token was not issued for {use} use')
            return False
        return verified_claims
    return False