MCPcopy
hub / github.com/authlib/authlib / parse_id_token

Method parse_id_token

authlib/integrations/base_client/sync_openid.py:39–85  ·  view source on GitHub ↗

Return an instance of UserInfo from token's ``id_token``.

(
        self, token, nonce, claims_options=None, claims_cls=None, leeway=120
    )

Source from the content-addressed store, hash-verified

37 return UserInfo(data)
38
39 def parse_id_token(
40 self, token, nonce, claims_options=None, claims_cls=None, leeway=120
41 ):
42 """Return an instance of UserInfo from token's ``id_token``."""
43 if "id_token" not in token:
44 return None
45
46 claims_params = dict(
47 nonce=nonce,
48 client_id=self.client_id,
49 )
50
51 if claims_cls is None:
52 if "access_token" in token:
53 claims_params["access_token"] = token["access_token"]
54 claims_cls = CodeIDToken
55 else:
56 claims_cls = ImplicitIDToken
57
58 metadata = self.load_server_metadata()
59 if claims_options is None and "issuer" in metadata:
60 claims_options = {"iss": {"values": [metadata["issuer"]]}}
61
62 alg_values = metadata.get("id_token_signing_alg_values_supported")
63
64 key_set = KeySet.import_key_set(self.fetch_jwk_set())
65 try:
66 token = jwt.decode(
67 token["id_token"],
68 key=key_set,
69 algorithms=alg_values,
70 )
71 except InvalidKeyIdError:
72 key_set = KeySet.import_key_set(self.fetch_jwk_set(force=True))
73 token = jwt.decode(
74 token["id_token"],
75 key=key_set,
76 algorithms=alg_values,
77 )
78
79 claims = claims_cls(token.claims, token.header, claims_options, claims_params)
80 # https://github.com/authlib/authlib/issues/259
81 if claims.get("nonce_supported") is False:
82 claims.params["nonce"] = None
83
84 claims.validate(leeway=leeway)
85 return UserInfo(claims)
86
87 def create_logout_url(
88 self,

Calls 7

fetch_jwk_setMethod · 0.95
UserInfoClass · 0.90
import_key_setMethod · 0.80
decodeMethod · 0.80
load_server_metadataMethod · 0.45
getMethod · 0.45
validateMethod · 0.45