dave/pyfa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 20 Wiki Activity

Merge pull request #2422 from nmalaguti/feature/jwt-aud-fix

Browse Source 
Skip validation of JWT "aud" claim
This commit is contained in:
Ryan Holmes
2022-03-30 00:38:17 -04:00
committed by GitHub
parent 52b8b4bc6c 4ba037d6e1
commit e57b7e5a8f
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
service/esiAccess.py
View File

@@ -214,6 +214,10 @@ class EsiAccess:
def validate_eve_jwt(self, jwt_token): def validate_eve_jwt(self, jwt_token):
"""Validate a JWT token retrieved from the EVE SSO. """Validate a JWT token retrieved from the EVE SSO.
Ignores the `aud` claim in token due to avoid unexpected breaking
changes to ESI.
Args: Args:
jwt_token: A JWT token originating from the EVE SSO jwt_token: A JWT token originating from the EVE SSO
Returns Returns
@@ -235,7 +239,9 @@ class EsiAccess:
jwt_token, jwt_token,
jwk_set, jwk_set,
algorithms=jwk_set["alg"], algorithms=jwk_set["alg"],
issuer=[self.server_base.sso, "https://%s" % self.server_base.sso] issuer=[self.server_base.sso, "https://%s" % self.server_base.sso],
# ignore "aud" claim: https://tweetfleet.slack.com/archives/C30KX8UUX/p1648495011905969
options={"verify_aud": False}
) )
except ExpiredSignatureError as e: except ExpiredSignatureError as e:
raise GenericSsoError("The JWT token has expired: {}".format(str(e))) raise GenericSsoError("The JWT token has expired: {}".format(str(e)))