summaryrefslogtreecommitdiff
path: root/fbin/login.py
diff options
context:
space:
mode:
authorJon Bergli Heier <snakebite@jvnv.net>2021-08-15 12:43:41 +0200
committerJon Bergli Heier <snakebite@jvnv.net>2021-08-15 12:43:41 +0200
commit3f9e930748af4714a4e1ff58fc5aa8b382fa1515 (patch)
tree77e0594a6527f3fd7653d7429322ddc9807d41b7 /fbin/login.py
parente96bedf7477d392b8821f76ca85038c198c84375 (diff)
Add algorithms to jwt.decode calls
Diffstat (limited to 'fbin/login.py')
-rw-r--r--fbin/login.py9
1 files changed, 6 insertions, 3 deletions
diff --git a/fbin/login.py b/fbin/login.py
index 00f969d..b4b62d0 100644
--- a/fbin/login.py
+++ b/fbin/login.py
@@ -35,9 +35,11 @@ class BinUser:
return
try:
jwt.decode(token['access_token'], key=current_app.config['JWT_PUBLIC_KEY'],
- audience=current_app.config['OAUTH_CLIENT_ID'])
+ audience=current_app.config['OAUTH_CLIENT_ID'],
+ algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']])
jwt.decode(token['refresh_token'], key=current_app.config['JWT_PUBLIC_KEY'],
- audience=current_app.config['OAUTH_CLIENT_ID'])
+ audience=current_app.config['OAUTH_CLIENT_ID'],
+ algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']])
except jwt.InvalidTokenError:
traceback.print_exc()
flash('Failed to refresh authentication token (verification failed)', 'error')
@@ -57,7 +59,8 @@ class BinUser:
return True
try:
self.token = jwt.decode(self.user_session.access_token, key=current_app.config['JWT_PUBLIC_KEY'],
- audience=current_app.config['OAUTH_CLIENT_ID'])
+ audience=current_app.config['OAUTH_CLIENT_ID'],
+ algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']])
except jwt.ExpiredSignatureError:
try:
if not self.refresh_access_token():
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-17 13:21:15 +0200