authorJon Bergli Heier <snakebite@jvnv.net>2021-08-15 13:08:36 +0200
committerJon Bergli Heier <snakebite@jvnv.net>2021-08-15 13:08:36 +0200
commitd5af089f673140c754494c828f7441f36d4f7d74 (patch)
tree227f62463e3c14c9f45e98bbfc05d69d8202aac7
parent365248c739dda8fe707db67cdb85698d04e1e580 (diff)
Add algorithms parameter to jwt.decode callsHEADmaster
-rw-r--r--unmess/api.py6
1 files changed, 4 insertions, 2 deletions
diff --git a/unmess/api.py b/unmess/api.py
index 57e1349..150942d 100644
--- a/unmess/api.py
+++ b/unmess/api.py
@@ -61,7 +61,8 @@ def auth_required(f):
abort(403)
try:
token = jwt.decode(access_token, key=current_app.config['JWT_PUBLIC_KEY'],
- audience=current_app.config['OAUTH_CLIENT_ID'])
+ audience=current_app.config['OAUTH_CLIENT_ID'],
+ algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']])
except jwt.InvalidTokenError:
abort(403)
user_id = ObjectId(token['sub'])
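Review bot: The value passed in `algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']]`, here and at the same call in the `auth_response` hunk, is read from config with no check that it is an asymmetric algorithm matching `JWT_PUBLIC_KEY`, so the pin is only as strict as each deployment's settings. A one-time check where the config is loaded would make that explicit, for example `if app.config['OAUTH_JWT_ALGORITHM'] not in ALLOWED_JWT_ALGORITHMS: raise RuntimeError('unsupported OAUTH_JWT_ALGORITHM')`, where `ALLOWED_JWT_ALGORITHMS` is a new constant listing only the RS*/ES*/PS* values the identity provider actually issues. That check would also surface a missing key at startup. As written, a missing key raises `KeyError` on every request, and `except jwt.InvalidTokenError` in `auth_required` does not catch it, so the request ends in a server error rather than the 403 path (it still fails closed). Both functions start and end outside the hunks shown.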
@@ -260,7 +261,8 @@ def auth_response():
abort(500, error)
token_data = jwt.decode(token['access_token'], key=current_app.config['JWT_PUBLIC_KEY'],
- audience=current_app.config['OAUTH_CLIENT_ID'])
+ audience=current_app.config['OAUTH_CLIENT_ID'],
+ algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']])
# We're assuming sub is an ObjectId (this is true for jab)
user_id = ObjectId(token_data['sub'])
user = mongo.db.users.find_one({'_id': user_id})