From 3f9e930748af4714a4e1ff58fc5aa8b382fa1515 Mon Sep 17 00:00:00 2001
From: Jon Bergli Heier
Date: Sun, 15 Aug 2021 12:43:41 +0200
Subject: Add algorithms to jwt.decode calls
---
 fbin/api.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'fbin/api.py')
diff --git a/fbin/api.py b/fbin/api.py
index 5659b3a..dc7e1f8 100644
--- a/fbin/api.py
+++ b/fbin/api.py
@@ -31,7 +31,8 @@ def authenticate():
 if scheme != 'Bearer':
 abort(400)
 try:
- token = jwt.decode(token, current_app.config['SECRET_KEY'], issuer=request.url_root)
+ token = jwt.decode(token, current_app.config['SECRET_KEY'], issuer=request.url_root,
+ algorithms=[current_app.config['API_JWT_ALGORITHM']])
 except jwt.InvalidTokenError:
 abort(403)
 try:
--
cgit v1.2.3
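Review bot: The expected issuer on the changed `jwt.decode` call is still `request.url_root`, which Flask builds from the incoming request's host. The `iss` check therefore compares the token against a value the client can influence, unless the deployment pins the host at the proxy or in app config. Pinning `algorithms` to the single configured value handles the algorithm side; the issuer should likewise come from a fixed setting, e.g. `issuer=current_app.config['<ISSUER_CONFIG_KEY>']` (placeholder name). Separately, nothing visible in this call requires an `exp` claim, so a token issued without one would never expire; `options={'require': ['exp']}` would enforce it, assuming the PyJWT 2.x API is in use. `authenticate()` begins and ends outside the hunk, so token issuance and any later checks are not visible here.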