Change PyJWT for python-jose

7 years ago · 8dd78aae1a
4 changed files with 14 additions and 14 deletions
--- a/README.md
+++ b/README.md
@ -22,6 +22,7 @@ python-keycloak depends on:

 * Python 3
 * [requests](http://docs.python-requests.org/en/master/)
+* [python-jose](http://python-jose.readthedocs.io/en/latest/)

 ### Tests Dependencies

@ -78,4 +79,9 @@ token_rpt_info = keycloak.instropect(keycloak.instropect(token['access_token'],
 # Instropect Token
 token_info = keycloak.instropect(token['access_token']))

+# Decode Token
+KEYCLOAK_PUBLIC_KEY = "secret"
+options = {"verify_signature": True, "verify_aud": True, "exp": True}
+token_info = keycloak.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options)
+
 ```
--- a/keycloak/init.py
+++ b/keycloak/init.py
@ -21,7 +21,7 @@ from .exceptions import raise_error_from_response, KeycloakGetError, KeycloakSec
 from .urls_patterns import URL_AUTH, URL_TOKEN, URL_USERINFO, URL_WELL_KNOWN, URL_LOGOUT, \
    URL_CERTS, URL_ENTITLEMENT, URL_INTROSPECT
 from .connection import ConnectionManager
-import jwt
+from jose import jwt


 class Keycloak:
@ -69,7 +69,7 @@ class Keycloak:
        """
        return NotImplemented

-    def token(self, username, password, grant_type=["password",]):
+    def token(self, username, password, grant_type=["password"]):
        """
        The token endpoint is used to obtain tokens. Tokens can either be obtained by
        exchanging an authorization code or by supplying credentials directly depending on
@ -186,7 +186,7 @@ class Keycloak:

        return raise_error_from_response(data_raw, KeycloakGetError)

-    def decode_token(self, token, secret='', verify=False, algorithms=['RS256']):
+    def decode_token(self, token, key, algorithms=['RS256'], **kwargs):
        """
        A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data
        structure that represents a cryptographic key.  This specification
@ -198,16 +198,10 @@ class Keycloak:
        https://tools.ietf.org/html/rfc7517

        :param token:
-        :param secret:
-        :param verify:
+        :param key:
        :param algorithms:
        :return:
        """

-        if verify:
-            if secret:
-                return jwt.decode(token, secret=secret, verify=verify, algorithms=algorithms)
-
-            raise KeycloakSecretNotFound("Can't found secret key.")
-
-        return jwt.decode(token, verify=verify, algorithms=algorithms)
+        return jwt.decode(token, key, algorithms=algorithms,
+                          audience=self.__client_id, **kwargs)
--- a/requirements.txt
+++ b/requirements.txt
@ -1,3 +1,3 @@
 requests==2.18.3
 httmock==1.2.5
-PyJWT==1.5.2
+python-jose==1.3.2
--- a/setup.py
+++ b/setup.py
@ -12,7 +12,7 @@ setup(
    keywords='keycloak openid',
    description=u'python-keycloak is a Python package providing access to the Keycloak API.',
    packages=['keycloak'],
-    install_requires=['requests==2.18.3', 'httmock==1.2.5', 'PyJWT==1.5.2'],
+    install_requires=['requests==2.18.3', 'httmock==1.2.5', 'python-jose==1.3.2'],
    classifiers=[
        'Programming Language :: Python :: 3',
        'License :: OSI Approved :: GNU General Public License v3 (GPLv3)',