diff get_agent.py @ 42:530650b3bc40 default tip

something changed in pom to break pyjwt. switched to jwskate
author drewp@bigasterisk.com
date Wed, 14 Dec 2022 22:07:19 -0800
parents 293a694304b8
children
--- a/get_agent.py	Sat Nov 19 17:18:55 2022 -0800
+++ b/get_agent.py	Wed Dec 14 22:07:19 2022 -0800
@@ -1,22 +1,24 @@
 import logging
 
 import bottle
-import jwt
 from rdflib import URIRef
-
+import requests
+from jwskate import Jwt, JwkSet
 log = logging.getLogger(__name__)
 
-jwks_client = jwt.PyJWKClient(uri='https://authenticate.bigasterisk.com/.well-known/pomerium/jwks.json')
-
+jwkset = JwkSet(requests.get('https://authenticate.bigasterisk.com/.well-known/pomerium/jwks.json').json())
 
 def bottleGetAgent() -> URIRef:
     pomAssertion = bottle.request.headers.get('X-Pomerium-Jwt-Assertion', None)
-
-    sk = jwks_client.get_signing_key_from_jwt(pomAssertion)
-    j = jwt.decode(pomAssertion, key=sk.key, algorithms=['ES256'], audience="bigasterisk.com")
-
+    log.debug('pomAssertion=%r', pomAssertion)
+    jwt = Jwt(pomAssertion)
+    jwt.validate(jwkset['keys'][0], #??
+                 algs=['ES256'], 
+                 issuer='authenticate.bigasterisk.com', 
+                 audience='bigasterisk.com')
+    log.debug('claims=%r', jwt.claims)
     foaf = {
         'drewpca@gmail.com': 'http://bigasterisk.com/foaf.rdf#drewp',
         'kelsimp@gmail.com': 'http://bigasterisk.com/kelsi/foaf.rdf#kelsi',
-    }[j['email']]
+    }[jwt.claims['email']]
     return URIRef(foaf)
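Review bot: The key handed to `jwt.validate` is `jwkset['keys'][0]` (the line marked `#??`), which is whichever key the JWKS document lists first rather than the one named in the token's `kid` header, which is what the removed `get_signing_key_from_jwt` call selected. Once the endpoint publishes a second key or rotates, valid assertions will be rejected; selecting by key id avoids that: `jwt.validate(jwkset.get_jwk_by_kid(jwt.headers['kid']), algs=['ES256'], ...)`. The module-level `requests.get(...)` runs once at import with no `timeout=` and no `raise_for_status()`, so a rotated key is never picked up and an error response is not detected before `.json()` is called. `log.debug('pomAssertion=%r', pomAssertion)` writes the complete signed assertion, a bearer credential, into the debug log; logging `jwt.claims['email']` after validation would be enough. A request without the header passes `None` to `Jwt(...)`, so an explicit `if pomAssertion is None:` check that returns 401 would make that failure deliberate.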