comparison get_agent.py @ 42:530650b3bc40 default tip

something changed in pom to break pyjwt. switched to jwskate
author drewp@bigasterisk.com
date Wed, 14 Dec 2022 22:07:19 -0800
parents 293a694304b8
children
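--- a/get_agent.py
+++ b/get_agent.py
@@ -1,22 +1,24 @@
 import logging
 
 import bottle
-import jwt
 from rdflib import URIRef
-
+import requests
+from jwskate import Jwt, JwkSet
 log = logging.getLogger(__name__)
 
-jwks_client = jwt.PyJWKClient(uri='https://authenticate.bigasterisk.com/.well-known/pomerium/jwks.json')
+jwkset = JwkSet(requests.get('https://authenticate.bigasterisk.com/.well-known/pomerium/jwks.json').json())
-
 
 def bottleGetAgent() -> URIRef:
 pomAssertion = bottle.request.headers.get('X-Pomerium-Jwt-Assertion', None)
-
-sk = jwks_client.get_signing_key_from_jwt(pomAssertion)
-j = jwt.decode(pomAssertion, key=sk.key, algorithms=['ES256'], audience="bigasterisk.com")
-
+log.debug('pomAssertion=%r', pomAssertion)
+jwt = Jwt(pomAssertion)
+jwt.validate(jwkset['keys'][0], #??
+algs=['ES256'],
+issuer='authenticate.bigasterisk.com',
+audience='bigasterisk.com')
+log.debug('claims=%r', jwt.claims)
 foaf = {
 'drewpca@gmail.com': 'http://bigasterisk.com/foaf.rdf#drewp',
 'kelsimp@gmail.com': 'http://bigasterisk.com/kelsi/foaf.rdf#kelsi',
-}[j['email']]
+}[jwt.claims['email']]
 return URIRef(foaf)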
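Review bot: The `jwt.validate(jwkset['keys'][0], #??` call pins verification to whichever key is listed first in the JWKS, so a second published key or a key rotation at the issuer would make valid assertions fail verification. Selecting the key by the token's `kid` header, e.g. `jwkset.get_jwk_by_kid(jwt.headers['kid'])`, removes the guess while keeping the `algs=['ES256']` pin. The module-level `requests.get(...)` fetches the key set once at import with no `timeout=` and no status check, so it is never refreshed and an unreachable endpoint can hang startup; the replaced `PyJWKClient` appears to have fetched keys on demand. `log.debug('pomAssertion=%r', pomAssertion)` writes the full signed assertion to the log, which is a replayable credential until it expires; logging only selected claims after validation would be safer.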