How to use the authlib.specs.oidc.id_token.IDTokenError function in Authlib
To help you get started, we’ve selected a few Authlib examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
lepture / authlib / authlib / specs / oidc / id_token.py View on Github 
def validate_iat(self):
if 'iat' not in self.token:
raise IDTokenError('iat is required')def validate_nonce(self, nonce):
if 'nonce' not in self.token:
raise IDTokenError('nonce is required')
if nonce != self.nonce:
raise IDTokenError('nonce is invalid')def validate_exp(self, now):
if 'exp' not in self.token:
raise IDTokenError('exp is required')
if now and now > self.exp:
raise IDTokenError('exp is expired')def parse_id_token(id_token, key):
"""Parse an id_token text string into token dict.
:param id_token: A JWS text that represent current id_token.
:param key: A PEM key to parse the given id_token. This value can be:
* a string text of PEM key
* a dict/string of JWK
* a set/list/tuple of JWK
:return: (token, header)
"""
header, payload, valid = jws.verify(id_token, key)
if not valid:
raise IDTokenError('Invalid signature')
token = json.loads(payload.decode('utf-8'))
return token, headerdef validate_iss(self, issuer):
if 'iss' not in self.token:
raise IDTokenError('iss is required')
if isinstance(issuer, (list, tuple)):
if self.iss not in issuer:
raise IDTokenError('iss is invalid')
elif issuer is not None and self.iss != issuer:
raise IDTokenError('iss is invalid')def validate_iss(self, issuer):
if 'iss' not in self.token:
raise IDTokenError('iss is required')
if isinstance(issuer, (list, tuple)):
if self.iss not in issuer:
raise IDTokenError('iss is invalid')
elif issuer is not None and self.iss != issuer:
raise IDTokenError('iss is invalid')def validate_sub(self):
if 'sub' not in self.token:
raise IDTokenError('sub is required')
if len(self.sub) > 255:
raise IDTokenError('sub exceed 255 in length')def validate_exp(self, now):
if 'exp' not in self.token:
raise IDTokenError('exp is required')
if now and now > self.exp:
raise IDTokenError('exp is expired')def validate_azp(self, client_id):
if self.azp or len(self.aud) > 1:
if self.azp != client_id:
raise IDTokenError('azp is not for this client')Authlib
The ultimate Python library in building OAuth and OpenID Connect servers and clients.
Package Health Score
94 / 100Popular Authlib functions
- authlib.common.encoding.base64_to_int
- authlib.common.encoding.int_to_base64
- authlib.common.encoding.to_bytes
- authlib.common.encoding.to_unicode
- authlib.common.security.generate_token
- authlib.common.urls.url_decode
- authlib.common.urls.urlparse
- authlib.common.urls.urlparse.urlparse
- authlib.deprecate.deprecate
- authlib.integrations.flask_client.OAuth
- authlib.integrations.httpx_client.OAuth2Client
- authlib.integrations.requests_client.OAuth1Session
- authlib.integrations.requests_client.OAuth2Session
- authlib.jose.errors.DecodeError
- authlib.jose.errors.InvalidClaimError
- authlib.jose.jwt.decode
- authlib.jose.jwt.encode
- authlib.oauth1.rfc5849.util.escape
- authlib.oauth2.rfc6749.errors.InvalidRequestError
- authlib.specs.oidc.id_token.IDTokenError