-rw-r--r--unmess/api.py6
1 files changed, 4 insertions, 2 deletions
diff --git a/unmess/api.py b/unmess/api.py
index 57e1349..150942d 100644
--- a/unmess/api.py
+++ b/unmess/api.py
@@ -61,7 +61,8 @@ def auth_required(f):
abort(403)
try:
token = jwt.decode(access_token, key=current_app.config['JWT_PUBLIC_KEY'],
- audience=current_app.config['OAUTH_CLIENT_ID'])
+ audience=current_app.config['OAUTH_CLIENT_ID'],
+ algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']])
except jwt.InvalidTokenError:
abort(403)
user_id = ObjectId(token['sub'])
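Review bot: The `algorithms=` list passed to `jwt.decode` here, and again in the second hunk in `auth_response`, is taken straight from `OAUTH_JWT_ALGORITHM`, and nothing visible checks that value against the key type even though the key is `JWT_PUBLIC_KEY`. If that setting were ever an HMAC algorithm or `none`, verification against a public key would no longer be a sound signature check. I would validate it once at startup against the asymmetric algorithms the issuer really uses, e.g. with a constant I am making up for illustration: `if app.config['OAUTH_JWT_ALGORITHM'] not in ALLOWED_JWT_ALGORITHMS: raise RuntimeError('unsupported JWT algorithm')`. A missing setting raises `KeyError`, which `except jwt.InvalidTokenError` does not catch, so the request ends in a 500 rather than a 403; that fails closed but deserves a comment. Both call sites repeat the same call and could share one helper; both functions continue outside the hunks, so any handling elsewhere is not visible here.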
@@ -260,7 +261,8 @@ def auth_response():
abort(500, error)
token_data = jwt.decode(token['access_token'], key=current_app.config['JWT_PUBLIC_KEY'],
- audience=current_app.config['OAUTH_CLIENT_ID'])
+ audience=current_app.config['OAUTH_CLIENT_ID'],
+ algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']])
# We're assuming sub is an ObjectId (this is true for jab)
user_id = ObjectId(token_data['sub'])
user = mongo.db.users.find_one({'_id': user_id})