Validate a JWT token retrieved from the EVE SSO. Ignores the `aud` claim in the token to avoid unexpected breaking changes to ESI. Args: jwt_token: A JWT token originating from the EVE SSO Returns dict: The contents of the validated JWT token if there are no validation errors
(self, jwt_token)
| 232 | return res |
| 233 | |
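def validate_eve_jwt(self, jwt_token):
    """Validate a JWT token retrieved from the EVE SSO.

    The signature is checked against the RS256 entry of the JWK set held
    in ``self.jwks``, and the issuer against ``self.server_base.sso``
    (with or without the ``https://`` prefix).

    The `aud` claim is not verified, to avoid unexpected breaking changes
    to ESI, so this check alone does not bind a token to this
    application. Expiry is verified unless the ``enforceJwtExpiration``
    setting is explicitly switched off.

    Args:
        jwt_token: A JWT token originating from the EVE SSO
    Returns:
        dict: The contents of the validated JWT token if there are no
            validation errors
    Raises:
        GenericSsoError: if the JWK set has no "keys" entry or no RS256
            key, or if the token is expired, fails a claim check, or
            cannot be verified.
    """

    try:
        jwk_sets = self.jwks["keys"]
    except KeyError as e:
        raise GenericSsoError("Something went wrong when retrieving the JWK set. The returned "
                              "payload did not have the expected key {}. \nPayload returned "
                              "from the SSO looks like: {}".format(e, self.jwks))

    # A JWK set without an RS256 entry (or with entries lacking "alg") used
    # to escape as a bare StopIteration/KeyError; report it like every
    # other SSO failure instead.
    rs256_key = next((item for item in jwk_sets if item.get("alg") == "RS256"), None)
    if rs256_key is None:
        raise GenericSsoError("The JWK set returned from the SSO does not contain an RS256 key")

    # Fail closed: a missing (None) setting must not silently disable the
    # expiry check. Only an explicit falsy setting turns it off.
    enforce_expiration = self.settings.get("enforceJwtExpiration")
    verify_exp = True if enforce_expiration is None else bool(enforce_expiration)

    try:
        return jwt.decode(
            jwt_token,
            rs256_key,
            # Pin the accepted algorithm in code rather than reading it
            # back from the fetched key material.
            algorithms=["RS256"],
            issuer=[self.server_base.sso, "https://%s" % self.server_base.sso],
            # ignore "aud" claim: https://tweetfleet.slack.com/archives/C30KX8UUX/p1648495011905969
            options={"verify_aud": False, "verify_exp": verify_exp}
        )
    except ExpiredSignatureError as e:
        raise GenericSsoError("The JWT token has expired: {}".format(str(e)))
    # NOTE(review): the imports are outside this view; assuming these are
    # the python-jose exception classes, JWTClaimsError is a subclass of
    # JWTError and has to be caught first, otherwise claim failures are
    # reported as signature failures and this branch is unreachable.
    except JWTClaimsError as e:
        raise GenericSsoError("The issuer claim was not from login.eveonline.com or "
                              "https://login.eveonline.com: {}".format(str(e)))
    except JWTError as e:
        raise GenericSsoError("The JWT signature was invalid: {}".format(str(e)))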
| 272 | |
| 273 | def _before_request(self, ssoChar): |
| 274 | if ssoChar: |