TokenVerifier¶
-
class
gafaelfawr.verify.TokenVerifier(config: VerifierConfig, session: ClientSession, cache: TTLCache, logger: BoundLogger)¶ Bases:
objectVerifies the validity of a JWT.
Used for verifying tokens issued by external issuers, such as during an OpenID Connect authentication.
Parameters: - config (
gafaelfawr.config.VerifierConfig) – The JWT Authorizer configuration. - session (
aiohttp.ClientSession) – The session to use for making requests. - cache (
cachetools.TTLCache) – Cache in which to store issuer keys. - logger (
structlog.BoundLogger) – Logger to use to report status information.
Methods Summary
analyze_token(token)Analyze a token and return its expanded information. verify_internal_token(token)Verify a token issued by the internal issuer. verify_oidc_token(token)Verifies the provided JWT from an OpenID Connect provider. Methods Documentation
-
analyze_token(token: Token) → Dict[str, Any]¶ Analyze a token and return its expanded information.
Parameters: token ( gafaelfawr.tokens.Token) – The encoded token to analyze.Returns: output – The contents of the token. This will include the claims and the header, a flag saying whether it is valid, and any errors. Return type: Dict[ str, Any]
-
verify_internal_token(token: Token) → VerifiedToken¶ Verify a token issued by the internal issuer.
Parameters: token (
gafaelfawr.tokens.Token) – An encoded token.Returns: verified_token – The verified token.
Return type: Raises: jwt.exceptions.InvalidTokenError– The issuer of this token is unknown and therefore the token cannot be verified.MissingClaimsException– The token is missing required claims.
-
verify_oidc_token(token: Token) → VerifiedToken¶ Verifies the provided JWT from an OpenID Connect provider.
Parameters: token (
gafaelfawr.tokens.Token) – JWT to verify.Returns: verified_token – The verified token contents.
Return type: Raises: jwt.exceptions.InvalidTokenError– The token is invalid or the issuer is unknown.VerifyTokenException– The token failed to verify or was invalid in some way.
- config (