in gnm_deliverables/jwt_auth_backend.py [0:0]
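def authenticate(self, request, **credentials):
    """Validate a bearer JWT and build a ``User`` from its claims.

    The verification key comes from ``load_local_public_key()`` unless
    ``settings.JWT_CERTIFICATE_PATH`` starts with "http", in which case
    ``load_remote_public_key(token)`` is used. Only RS256 signatures are
    accepted.

    Args:
        request: The incoming request; not read by this method.
        **credentials: Expected to carry the encoded JWT under "token".

    Returns:
        A ``User`` populated from the token claims, or ``None`` when no
        token was supplied, the token has expired, or it was issued for
        another audience.

    Raises:
        PermissionDenied: If the token cannot be decoded or any other
            unexpected error occurs during validation.
    """
    token = credentials.get("token", None)
    if not token:
        return None

    # The raw token is a bearer credential, so it is deliberately kept out
    # of the log; anyone able to read debug output could otherwise replay it.
    logger.debug("JwtAuth got token")

    if str(settings.JWT_CERTIFICATE_PATH).startswith("http"):
        public_key = self.load_remote_public_key(token)
    else:
        public_key = self.load_local_public_key()

    expected_audience = getattr(settings, "JWT_EXPECTED_AUDIENCE", None)
    expected_issuer = getattr(settings, "JWT_EXPECTED_ISSUER", None)

    try:
        # NOTE(review): "verify_nbf": False skips the not-before check.
        # NOTE(review): when JWT_EXPECTED_ISSUER is unset, None is passed as
        # the issuer; presumably the issuer is then not checked - confirm
        # that both settings are always configured in deployment.
        decoded = jwt.decode(token,
                             options={"verify_nbf": False},
                             key=public_key,
                             algorithms=["RS256"],
                             audience=expected_audience,
                             issuer=expected_issuer)
        logger.debug("JwtAuth success")
        # NOTE(review): every holder of a valid token is returned as staff
        # and superuser. The original marks this as temporary until group
        # claims are present in the JWT; derive these flags from claims
        # once they are available.
        return User(
            username=self._extract_username(decoded),
            first_name=decoded.get("first_name"),
            last_name=decoded.get("family_name"),
            email=decoded.get("email"),
            is_staff=True,
            is_active=True,
            is_superuser=True  # until we have groups added in to the JWT claim
        )
    except jwt.exceptions.DecodeError as e:
        logger.error("Could not decode provided JWT: {0}".format(e))
        raise PermissionDenied()
    except jwt.exceptions.ExpiredSignatureError:
        logger.error("Token signature has expired")
        return None
    except jwt.exceptions.InvalidAudienceError:
        # The original called .format() with no argument here, which raised
        # IndexError from inside the handler instead of logging.
        logger.error("Token was for another audience (expected {0})".format(expected_audience))
        return None
    except Exception:
        # format_exc() takes no exception argument; passing one made the
        # handler itself fail before PermissionDenied could be raised.
        logger.error("Unexpected error decoding JWT: {0}".format(traceback.format_exc()))
        raise PermissionDenied()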