From 3f9e930748af4714a4e1ff58fc5aa8b382fa1515 Mon Sep 17 00:00:00 2001
From: Jon Bergli Heier <snakebite@jvnv.net>
Date: Sun, 15 Aug 2021 12:43:41 +0200
Subject: Add algorithms to jwt.decode calls

---
 fbin/login.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'fbin/login.py')

diff --git a/fbin/login.py b/fbin/login.py
index 00f969d..b4b62d0 100644
--- a/fbin/login.py
+++ b/fbin/login.py
@@ -35,9 +35,11 @@ class BinUser:
             return
         try:
             jwt.decode(token['access_token'], key=current_app.config['JWT_PUBLIC_KEY'],
-                    audience=current_app.config['OAUTH_CLIENT_ID'])
+                    audience=current_app.config['OAUTH_CLIENT_ID'],
+                    algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']])
             jwt.decode(token['refresh_token'], key=current_app.config['JWT_PUBLIC_KEY'],
-                    audience=current_app.config['OAUTH_CLIENT_ID'])
+                    audience=current_app.config['OAUTH_CLIENT_ID'],
+                    algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']])
         except jwt.InvalidTokenError:
             traceback.print_exc()
             flash('Failed to refresh authentication token (verification failed)', 'error')
@@ -57,7 +59,8 @@ class BinUser:
             return True
         try:
             self.token = jwt.decode(self.user_session.access_token, key=current_app.config['JWT_PUBLIC_KEY'],
-                    audience=current_app.config['OAUTH_CLIENT_ID'])
+                    audience=current_app.config['OAUTH_CLIENT_ID'],
+                    algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']])
         except jwt.ExpiredSignatureError:
             try:
                 if not self.refresh_access_token():
-- 
cgit v1.2.3