From 4ba037d6e16ccef1773c0ff5b9cafb3b7c4ecc71 Mon Sep 17 00:00:00 2001
From: Nick Malaguti
Date: Mon, 28 Mar 2022 21:36:49 -0400
Subject: [PATCH] Skip validation of JWT "aud" claim

Due to unexpected ESI SSO breakage by adding an "aud" claim, skip validation of the claim. If in the future CCP specifies which "aud" claim to verify against, this can be changed to pass the appropriate "audience" value.

Fixes #2421
---
 service/esiAccess.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/service/esiAccess.py b/service/esiAccess.py
index 0a53c6de5..12bcddc94 100644
--- a/service/esiAccess.py
+++ b/service/esiAccess.py
@@ -214,6 +214,10 @@ class EsiAccess:
 def validate_eve_jwt(self, jwt_token):
 """Validate a JWT token retrieved from the EVE SSO.
+
+ Ignores the `aud` claim in token due to avoid unexpected breaking
+ changes to ESI.
+
 Args:
 jwt_token: A JWT token originating from the EVE SSO
 Returns
@@ -235,7 +239,9 @@ class EsiAccess:
 jwt_token,
 jwk_set,
 algorithms=jwk_set["alg"],
- issuer=[self.server_base.sso, "https://%s" % self.server_base.sso]
+ issuer=[self.server_base.sso, "https://%s" % self.server_base.sso],
+ # ignore "aud" claim: https://tweetfleet.slack.com/archives/C30KX8UUX/p1648495011905969
+ options={"verify_aud": False}
 )
 except ExpiredSignatureError as e:
 raise GenericSsoError("The JWT token has expired: {}".format(str(e)))
@@ -305,4 +311,4 @@ class EsiAccess:
 return self.post(char, EsiEndpoints.CHAR_FITTINGS.value, json_str, character_id=char.characterID)
 def delFitting(self, char, fittingID):
- return self.delete(char, EsiEndpoints.CHAR_DEL_FIT.value, character_id=char.characterID, fitting_id=fittingID)
\ No newline at end of file
+ return self.delete(char, EsiEndpoints.CHAR_DEL_FIT.value, character_id=char.characterID, fitting_id=fittingID)
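Review bot: Passing `options={"verify_aud": False}` in the second hunk removes the only check that binds the token to this application, so a token the same issuer mints for a different ESI client now passes `validate_eve_jwt`; that is the trade-off the commit accepts, and it should be stated in the code itself rather than only behind the Slack link, which will not stay readable. Consider replacing the added comment with `# "aud" is deliberately not verified: CCP added an aud claim without documenting its value (#2421), so tokens issued to other ESI clients are not rejected here` and, as the narrower option the description already anticipates, passing the decode keyword `audience=<configured client id>` if the claim CCP sends turns out to match it — I cannot confirm from the hunk what value the claim carries. The docstring addition in the first hunk reads "due to avoid"; "in order to avoid" or simply "to avoid" is what is meant. The enclosing decode call and `validate_eve_jwt` itself begin and end outside the hunk.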