ShwetaRPawar/permissions.py

## permissions.py
from rest_framework.permissions import BasePermission
from jose import jwt as jose_jwt,jwk
import requests
from jose.utils import base64url_decode


class Authentication(BasePermission):
    def has_permission(self, request, view):
        def get_json(token_claims):
            try:
                jwt_url = token_claims['iss']+'/.well-known/jwks.json'
                r = requests.get(jwt_url)
                if r.status_code == 200:
                        jwks = r.json()
                        return jwks
                else:
                    return {}
            except Exception:
                return {}

        def get_unverified_claims_and_header(token):
            try:
                token_header = jose_jwt.get_unverified_header(token)
                token_claims = jose_jwt.get_unverified_claims(token)
                print('**', token_claims)
                claims_json = get_json(token_claims)
                return claims_json,token_claims, token_header
            except Exception:
                return {},{},{}

        def check_headers_claims(claims_json, token_claims, token_header):
            if claims_json=={} or token_claims=={} or token_header=={}:
                return False
            return True

        def verify_signature(token_header, jwks, token):
            try:
                kid = token_header['kid']
                # Search the JWKS for the proper public key
                key_index = -1
                for i in range(len(jwks['keys'])):
                    if kid == jwks['keys'][i]['kid']:
                        key_index = i
                        break
                if key_index == -1:
                    return False
                    # print('Public key not found, can not verify token')
                else:
                    # Convert public key
                    public_key = jwk.construct(jwks['keys'][key_index])
                    # Get claims and signature from token
                    claims, encoded_signature = token.rsplit('.', 1)
                    # Verify signature
                    decoded_signature = base64url_decode(
                            encoded_signature.encode('utf-8'))
                    if not public_key.verify(claims.encode("utf8"),
                                            decoded_signature):
                        return False
                    else:
                        return True
            except Exception:
                return False

        token = request.META.get('HTTP_AUTHORIZATION')
        if token != None:
            try:
                claims_json, token_claims, token_header = get_unverified_claims_and_header(token)
                if not check_headers_claims(claims_json, token_claims, token_header):
                    return False
            except Exception as e:
                return False
            try:
                verify_signature = verify_signature(token_header,claims_json,token)
                return verify_signature
            except Exception as e:
                return False
	from rest_framework.permissions import BasePermission
	from jose import jwt as jose_jwt,jwk
	import requests
	from jose.utils import base64url_decode


	class Authentication(BasePermission):
	def has_permission(self, request, view):
	def get_json(token_claims):
	try:
	jwt_url = token_claims['iss']+'/.well-known/jwks.json'
	r = requests.get(jwt_url)
	if r.status_code == 200:
	jwks = r.json()
	return jwks
	else:
	return {}
	except Exception:
	return {}

	def get_unverified_claims_and_header(token):
	try:
	token_header = jose_jwt.get_unverified_header(token)
	token_claims = jose_jwt.get_unverified_claims(token)
	print('**', token_claims)
	claims_json = get_json(token_claims)
	return claims_json,token_claims, token_header
	except Exception:
	return {},{},{}

	def check_headers_claims(claims_json, token_claims, token_header):
	if claims_json=={} or token_claims=={} or token_header=={}:
	return False
	return True

	def verify_signature(token_header, jwks, token):
	try:
	kid = token_header['kid']
	# Search the JWKS for the proper public key
	key_index = -1
	for i in range(len(jwks['keys'])):
	if kid == jwks['keys'][i]['kid']:
	key_index = i
	break
	if key_index == -1:
	return False
	# print('Public key not found, can not verify token')
	else:
	# Convert public key
	public_key = jwk.construct(jwks['keys'][key_index])
	# Get claims and signature from token
	claims, encoded_signature = token.rsplit('.', 1)
	# Verify signature
	decoded_signature = base64url_decode(
	encoded_signature.encode('utf-8'))
	if not public_key.verify(claims.encode("utf8"),
	decoded_signature):
	return False
	else:
	return True
	except Exception:
	return False

	token = request.META.get('HTTP_AUTHORIZATION')
	if token != None:
	try:
	claims_json, token_claims, token_header = get_unverified_claims_and_header(token)
	if not check_headers_claims(claims_json, token_claims, token_header):
	return False
	except Exception as e:
	return False
	try:
	verify_signature = verify_signature(token_header,claims_json,token)
	return verify_signature
	except Exception as e:
	return False