diff options
| author | Jon Bergli Heier <snakebite@jvnv.net> | 2021-08-15 13:08:36 +0200 |
|---|---|---|
| committer | Jon Bergli Heier <snakebite@jvnv.net> | 2021-08-15 13:08:36 +0200 |
| commit | d5af089f673140c754494c828f7441f36d4f7d74 (patch) | |
| tree | 227f62463e3c14c9f45e98bbfc05d69d8202aac7 | |
| parent | 365248c739dda8fe707db67cdb85698d04e1e580 (diff) | |
| -rw-r--r-- | unmess/api.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/unmess/api.py b/unmess/api.py index 57e1349..150942d 100644 --- a/unmess/api.py +++ b/unmess/api.py @@ -61,7 +61,8 @@ def auth_required(f): abort(403) try: token = jwt.decode(access_token, key=current_app.config['JWT_PUBLIC_KEY'], - audience=current_app.config['OAUTH_CLIENT_ID']) + audience=current_app.config['OAUTH_CLIENT_ID'], + algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']]) except jwt.InvalidTokenError: abort(403) user_id = ObjectId(token['sub']) @@ -260,7 +261,8 @@ def auth_response(): abort(500, error) token_data = jwt.decode(token['access_token'], key=current_app.config['JWT_PUBLIC_KEY'], - audience=current_app.config['OAUTH_CLIENT_ID']) + audience=current_app.config['OAUTH_CLIENT_ID'], + algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']]) # We're assuming sub is an ObjectId (this is true for jab) user_id = ObjectId(token_data['sub']) user = mongo.db.users.find_one({'_id': user_id}) |