
fix: use jwcrypto and remove python-jose

pull/531/head
Nathan Furnal 8 months ago
parent
commit
26ce311551
  1. 13
      src/keycloak/keycloak_openid.py
  2. 4
      tests/test_keycloak_admin.py

13
src/keycloak/keycloak_openid.py

@ -30,7 +30,7 @@ class to handle authentication and token manipulation.
import json
from typing import Optional
from jose import jwt
from jwcrypto import jwk, jwt
from .authorization import Authorization
from .connection import ConnectionManager
@ -539,7 +539,16 @@ class KeycloakOpenID:
:returns: Decoded token
:rtype: dict
"""
return jwt.decode(token, key, algorithms=algorithms, audience=self.client_id, **kwargs)
# To keep the same API, we map the python-jose options to our claims for jwcrypto
# Per the jwcrypto dev, `exp` and `nbf` are always checked
options = kwargs.get("options", {})
check_claims = {}
if options.get("verify_aud") is True:
check_claims["aud"] = self.client_id
k = jwk.JWK.from_pem(key.encode("utf-8"))
full_jwt = jwt.JWT(jwt=token, key=k, algs=algorithms, check_claims=check_claims)
return jwt.json_decode(full_jwt.claims)
def load_authorization_config(self, path):
"""Load Keycloak settings (authorization).
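Review bot: The audience check becomes opt-in in the block added after the docstring: `if options.get("verify_aud") is True:` puts `aud` into `check_claims` only when the caller passes that option explicitly, whereas python-jose treats `verify_aud` as enabled by default and the removed call always passed `audience=self.client_id`. A caller that relied on the old default would now accept a correctly signed token that was issued for a different client. Consider `if options.get("verify_aud", True):`, or state the new default in the docstring if the change is intended. The rest of `kwargs` (for example an `issuer` argument) is dropped without error, so a check the caller asked for may silently not run; rejecting unsupported keys would be safer. The method's signature and the start of its docstring are outside the hunk.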

4
tests/test_keycloak_admin.py

@ -1638,9 +1638,7 @@ def test_client_roles(admin: KeycloakAdmin, client: str):
# Test update client role
res = admin.update_client_role(
client_id=client,
role_name="client-role-test",
payload={"name": "client-role-test-update"},
client_id=client, role_name="client-role-test", payload={"name": "client-role-test-update"}
)
assert res == dict()
with pytest.raises(KeycloakPutError) as err:
