Skip to content

You can't cache the jwk set with this example  #3

Open
@sombek

Description

@sombek

I would suggest an update where you can cache jwk set

class JsonWebToken:
    """Perform JSON Web Token (JWT) validation using PyJWT"""

    jwt_access_token: str
    auth0_issuer_url: str = f"https://{settings.auth0_domain}/"
    auth0_audience: str = settings.auth0_audience
    algorithm: str = "RS256"
    jwks_uri: str = f"{auth0_issuer_url}.well-known/jwks.json"

    jwks_client = jwt.PyJWKClient( # having the client created once will keep the cache as long as the app running
        jwks_uri,
        ssl_context=ctx,
        cache_jwk_set=True,
        cache_keys=True,
    )

    def validate(self):
        try:
            jwt_signing_key = self.jwks_client.get_signing_key_from_jwt(
                token=self.jwt_access_token
            ).key
            payload = jwt.decode(
                self.jwt_access_token,
                jwt_signing_key,
                algorithms=self.algorithm,
                audience=self.auth0_audience,
                issuer=self.auth0_issuer_url,
            )
        except jwt.exceptions.PyJWKClientError as e:
            print(e)
            raise UnableCredentialsException
        except jwt.exceptions.InvalidTokenError:
            raise BadCredentialsException
        return payload

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions