diff options
author | Jon Bergli Heier <snakebite@jvnv.net> | 2021-08-15 12:43:41 +0200 |
---|---|---|
committer | Jon Bergli Heier <snakebite@jvnv.net> | 2021-08-15 12:43:41 +0200 |
commit | 3f9e930748af4714a4e1ff58fc5aa8b382fa1515 (patch) | |
tree | 77e0594a6527f3fd7653d7429322ddc9807d41b7 /fbin/fbin.py | |
parent | e96bedf7477d392b8821f76ca85038c198c84375 (diff) |
Add algorithms to jwt.decode calls
Diffstat (limited to 'fbin/fbin.py')
-rwxr-xr-x | fbin/fbin.py | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/fbin/fbin.py b/fbin/fbin.py index b062c9a..d0a5a9a 100755 --- a/fbin/fbin.py +++ b/fbin/fbin.py @@ -253,9 +253,11 @@ def auth(): return redirect(url_for('.index')) try: jwt.decode(token['access_token'], key=current_app.config['JWT_PUBLIC_KEY'], - audience=current_app.config['OAUTH_CLIENT_ID']) + audience=current_app.config['OAUTH_CLIENT_ID'], + algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']]) jwt.decode(token['refresh_token'], key=current_app.config['JWT_PUBLIC_KEY'], - audience=current_app.config['OAUTH_CLIENT_ID']) + audience=current_app.config['OAUTH_CLIENT_ID'], + algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']]) except jwt.InvalidTokenError as e: flash('Failed to verify token: {!s}'.format(e), 'error') return redirect(url_for('.index')) @@ -414,7 +416,7 @@ def generate_api_key(): 'nbf': now, 'sub': user_id, } - token = jwt.encode(data, current_app.config['SECRET_KEY']) + token = jwt.encode(data, current_app.config['SECRET_KEY'], algorithm=current_app.config['API_JWT_ALGORITHM']) return token |