Return an instance of UserInfo from token's ``id_token``.
(
self, token, nonce, claims_options=None, claims_cls=None, leeway=120
)
| 37 | return UserInfo(data) |
| 38 | |
| 39 | def parse_id_token( |
| 40 | self, token, nonce, claims_options=None, claims_cls=None, leeway=120 |
| 41 | ): |
| 42 | """Return an instance of UserInfo from token's ``id_token``.""" |
| 43 | if "id_token" not in token: |
| 44 | return None |
| 45 | |
| 46 | claims_params = dict( |
| 47 | nonce=nonce, |
| 48 | client_id=self.client_id, |
| 49 | ) |
| 50 | |
| 51 | if claims_cls is None: |
| 52 | if "access_token" in token: |
| 53 | claims_params["access_token"] = token["access_token"] |
| 54 | claims_cls = CodeIDToken |
| 55 | else: |
| 56 | claims_cls = ImplicitIDToken |
| 57 | |
| 58 | metadata = self.load_server_metadata() |
| 59 | if claims_options is None and "issuer" in metadata: |
| 60 | claims_options = {"iss": {"values": [metadata["issuer"]]}} |
| 61 | |
| 62 | alg_values = metadata.get("id_token_signing_alg_values_supported") |
| 63 | |
| 64 | key_set = KeySet.import_key_set(self.fetch_jwk_set()) |
| 65 | try: |
| 66 | token = jwt.decode( |
| 67 | token["id_token"], |
| 68 | key=key_set, |
| 69 | algorithms=alg_values, |
| 70 | ) |
| 71 | except InvalidKeyIdError: |
| 72 | key_set = KeySet.import_key_set(self.fetch_jwk_set(force=True)) |
| 73 | token = jwt.decode( |
| 74 | token["id_token"], |
| 75 | key=key_set, |
| 76 | algorithms=alg_values, |
| 77 | ) |
| 78 | |
| 79 | claims = claims_cls(token.claims, token.header, claims_options, claims_params) |
| 80 | # https://github.com/authlib/authlib/issues/259 |
| 81 | if claims.get("nonce_supported") is False: |
| 82 | claims.params["nonce"] = None |
| 83 | |
| 84 | claims.validate(leeway=leeway) |
| 85 | return UserInfo(claims) |
| 86 | |
| 87 | def create_logout_url( |
| 88 | self, |