import logging
import time

import requests
from jose import jwk, jwt as jose_jwt
from jose.utils import base64url_decode
from rest_framework.permissions import BasePermission
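class Authentication(BasePermission):
    """DRF permission that admits a request only if it carries a valid JWT.

    Flow: read the token from the ``Authorization`` header (``Bearer <jwt>``
    or a bare ``<jwt>``), check the *unverified* ``iss`` claim against
    ``TRUSTED_ISSUERS``, fetch (and cache) that issuer's key set from
    ``<iss>/.well-known/jwks.json``, pick the key named by the header ``kid``
    and hand everything to :func:`jose.jwt.decode`, which verifies the
    signature with an allowlisted algorithm and validates ``exp``/``nbf``/
    ``iat``, ``iss`` and -- when ``AUDIENCE`` is set -- ``aud``.

    Every failure path returns ``False`` (DRF turns that into a 403). The
    claims of an unverified token are never logged: they are attacker-
    controlled until the signature checks out.
    """

    # Issuers whose JWKS may be fetched. Fail closed: with the default empty
    # allowlist every token is rejected. The ``iss`` claim is attacker-
    # controlled until the signature is verified, so following it blindly
    # lets anyone host a JWKS, put its URL in ``iss`` and sign their own
    # tokens -- and also turns this server into an SSRF proxy. Configure
    # full https:// issuer URLs, exactly as the issuer writes them in ``iss``.
    TRUSTED_ISSUERS = frozenset()
    # Expected ``aud`` claim. None disables the audience check, which lets a
    # token minted for another service at the same issuer be replayed here.
    AUDIENCE = None
    # Asymmetric algorithms only: the keys come from a public JWKS, so an
    # HS* entry would let anyone sign with the *public* key material.
    ALLOWED_ALGORITHMS = (
        "RS256", "RS384", "RS512",
        "ES256", "ES384", "ES512",
        "PS256", "PS384", "PS512",
    )
    # Outbound JWKS fetch must never block a request thread indefinitely.
    JWKS_TIMEOUT_SECONDS = 5.0
    # How long a fetched key set is reused before it is refreshed.
    JWKS_TTL_SECONDS = 3600.0
    # issuer -> (monotonic fetch time, jwks dict); deliberately shared by all
    # instances so the key set is not re-downloaded on every request.
    _jwks_cache = {}
    _log = logging.getLogger(__name__)

    def has_permission(self, request, view) -> bool:
        """Return True iff ``request`` carries a JWT verified against a trusted issuer.

        ``view`` is unused; it is part of the DRF ``BasePermission`` contract.
        """
        token = self._extract_token(request)
        if token is None:
            return False

        try:
            header = jose_jwt.get_unverified_header(token)
            claims = jose_jwt.get_unverified_claims(token)
        except Exception:  # boundary: any parse failure (JOSEError, TypeError) is a deny
            self._log.debug("JWT rejected: malformed token")
            return False

        # Gate on the issuer BEFORE any network access; ``iss`` is untrusted here.
        issuer = claims.get("iss") if isinstance(claims, dict) else None
        if not isinstance(issuer, str) or issuer not in self.TRUSTED_ISSUERS:
            self._log.debug("JWT rejected: issuer missing or not trusted")
            return False

        kid = header.get("kid") if isinstance(header, dict) else None
        if not isinstance(kid, str):
            self._log.debug("JWT rejected: header has no kid")
            return False

        key = self._find_key(issuer, kid)
        if key is None:
            self._log.debug("JWT rejected: kid not present in issuer JWKS")
            return False

        try:
            # decode() refuses an ``alg`` outside the allowlist, verifies the
            # signature with ``key`` and validates exp/nbf/iat and iss; aud is
            # only checked when an AUDIENCE is configured.
            jose_jwt.decode(
                token,
                key,
                algorithms=list(self.ALLOWED_ALGORITHMS),
                issuer=issuer,
                audience=self.AUDIENCE,
                options={"verify_aud": self.AUDIENCE is not None},
            )
        except Exception:  # boundary: JWTError, JWTClaimsError, ExpiredSignatureError, ...
            self._log.debug("JWT rejected: signature or claim validation failed")
            return False
        return True

    @staticmethod
    def _extract_token(request):
        """Return the raw JWT from the ``Authorization`` header, or None.

        Accepts ``Bearer <token>`` as well as a bare ``<token>`` (the latter
        for clients that send the header without a scheme). Any other scheme
        (``Basic``, ...) yields None.
        """
        raw = request.META.get("HTTP_AUTHORIZATION")
        if not raw:
            return None
        scheme, _, rest = raw.strip().partition(" ")
        if rest:
            return rest.strip() if scheme.lower() == "bearer" else None
        return scheme or None

    @classmethod
    def _find_key(cls, issuer, kid):
        """Return the JWK with id ``kid`` from ``issuer``'s key set, or None.

        A miss against a *cached* key set triggers one forced refetch so that
        a freshly rotated key is usable before the TTL expires.
        """
        jwks, from_cache = cls._get_jwks(issuer)
        key = cls._select_key(jwks, kid)
        if key is None and from_cache:
            jwks, _ = cls._get_jwks(issuer, force_refresh=True)
            key = cls._select_key(jwks, kid)
        return key

    @staticmethod
    def _select_key(jwks, kid):
        """Return the entry of ``jwks["keys"]`` whose ``kid`` equals ``kid``, or None."""
        for candidate in jwks.get("keys", ()):
            if isinstance(candidate, dict) and candidate.get("kid") == kid:
                return candidate
        return None

    @classmethod
    def _get_jwks(cls, issuer, force_refresh=False):
        """Return ``(jwks, from_cache)`` for an allowlisted ``issuer``.

        ``jwks`` is ``{}`` when no usable key set could be obtained. When a
        refresh fails but a cached copy exists, the stale copy is returned
        rather than failing every request during an issuer outage.

        Callers MUST have validated ``issuer`` against ``TRUSTED_ISSUERS``:
        this method derives a URL from it and performs an outbound request.
        """
        now = time.monotonic()
        cached = cls._jwks_cache.get(issuer)
        if (
            cached is not None
            and not force_refresh
            and now - cached[0] < cls.JWKS_TTL_SECONDS
        ):
            return cached[1], True

        url = issuer.rstrip("/") + "/.well-known/jwks.json"
        try:
            response = requests.get(url, timeout=cls.JWKS_TIMEOUT_SECONDS)
            response.raise_for_status()
            jwks = response.json()
        except Exception:  # requests.RequestException or a JSON decode error
            cls._log.warning("JWKS fetch from %s failed", url)
            return (cached[1], True) if cached is not None else ({}, False)

        if not isinstance(jwks, dict) or not isinstance(jwks.get("keys"), list):
            cls._log.warning("JWKS at %s is not a {\"keys\": [...]} document", url)
            return (cached[1], True) if cached is not None else ({}, False)

        cls._jwks_cache[issuer] = (now, jwks)
        return jwks, False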