From 8dd78aae1a84d9421c6bc43c42b3c77566c2b7b4 Mon Sep 17 00:00:00 2001 From: Marcos Pereira Date: Mon, 21 Aug 2017 11:01:33 -0300 Subject: [PATCH] Change PyJWT for python-jose --- README.md | 6 ++++++ keycloak/__init__.py | 18 ++++++------------ requirements.txt | 2 +- setup.py | 2 +- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 31ddc16..72db52d 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,7 @@ python-keycloak depends on: * Python 3 * [requests](http://docs.python-requests.org/en/master/) +* [python-jose](http://python-jose.readthedocs.io/en/latest/) ### Tests Dependencies @@ -78,4 +79,9 @@ token_rpt_info = keycloak.instropect(keycloak.instropect(token['access_token'], # Instropect Token token_info = keycloak.instropect(token['access_token'])) +# Decode Token +KEYCLOAK_PUBLIC_KEY = "secret" +options = {"verify_signature": True, "verify_aud": True, "exp": True} +token_info = keycloak.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options) + ``` \ No newline at end of file diff --git a/keycloak/__init__.py b/keycloak/__init__.py index d9e2093..186765d 100644 --- a/keycloak/__init__.py +++ b/keycloak/__init__.py @@ -21,7 +21,7 @@ from .exceptions import raise_error_from_response, KeycloakGetError, KeycloakSec from .urls_patterns import URL_AUTH, URL_TOKEN, URL_USERINFO, URL_WELL_KNOWN, URL_LOGOUT, \ URL_CERTS, URL_ENTITLEMENT, URL_INTROSPECT from .connection import ConnectionManager -import jwt +from jose import jwt class Keycloak: @@ -69,7 +69,7 @@ class Keycloak: """ return NotImplemented - def token(self, username, password, grant_type=["password",]): + def token(self, username, password, grant_type=["password"]): """ The token endpoint is used to obtain tokens. Tokens can either be obtained by exchanging an authorization code or by supplying credentials directly depending on @@ -186,7 +186,7 @@ class Keycloak: return raise_error_from_response(data_raw, KeycloakGetError) - def decode_token(self, token, secret='', verify=False, algorithms=['RS256']): + def decode_token(self, token, key, algorithms=['RS256'], **kwargs): """ A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This specification @@ -198,16 +198,10 @@ class Keycloak: https://tools.ietf.org/html/rfc7517 :param token: - :param secret: - :param verify: + :param key: :param algorithms: :return: """ - if verify: - if secret: - return jwt.decode(token, secret=secret, verify=verify, algorithms=algorithms) - - raise KeycloakSecretNotFound("Can't found secret key.") - - return jwt.decode(token, verify=verify, algorithms=algorithms) \ No newline at end of file + return jwt.decode(token, key, algorithms=algorithms, + audience=self.__client_id, **kwargs) diff --git a/requirements.txt b/requirements.txt index 7b04afd..c901bab 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,3 @@ requests==2.18.3 httmock==1.2.5 -PyJWT==1.5.2 \ No newline at end of file +python-jose==1.3.2 \ No newline at end of file diff --git a/setup.py b/setup.py index a3b2247..0b64cfb 100644 --- a/setup.py +++ b/setup.py @@ -12,7 +12,7 @@ setup( keywords='keycloak openid', description=u'python-keycloak is a Python package providing access to the Keycloak API.', packages=['keycloak'], - install_requires=['requests==2.18.3', 'httmock==1.2.5', 'PyJWT==1.5.2'], + install_requires=['requests==2.18.3', 'httmock==1.2.5', 'python-jose==1.3.2'], classifiers=[ 'Programming Language :: Python :: 3', 'License :: OSI Approved :: GNU General Public License v3 (GPLv3)',