'grant_type': 'authorization_code',
'code': request.GET['code'],
'redirect_uri': absolutify(
self.request,
nonprefixed_url('phonebook:verify_identity_callback')
),
}
response = requests.post(self.OIDC_OP_TOKEN_ENDPOINT,
data=token_payload,
verify=import_from_settings('OIDC_VERIFY_SSL', True))
response.raise_for_status()
token_response = response.json()
id_token = token_response.get('id_token')
# Verify JWT
jws = JWS.from_compact(force_bytes(id_token))
jwk = JWK.load(smart_bytes(self.OIDC_RP_VERIFICATION_CLIENT_SECRET))
verified_token = None
if jws.verify(jwk):
verified_token = jws.payload
# Create the new Identity Profile.
if verified_token:
user_info = json.loads(verified_token)
email = user_info['email']
verification_user_id = user_info.get(ORIGINAL_CONNECTION_USER_ID)
msg = ''
if not user_info.get('email_verified'):
msg = 'Account verification failed: Email is not verified.'
if not verification_user_id:
def _verified(self):
try:
jwk = JWK.load(self.public_key)
self.jws_obj = JWS.from_compact(self.jws)
if self._signed(jwk) is False:
logger.warning(
"The public key signature was not valid for jws {jws}".format(
jws=self.jws
)
)
self.jws_data = json.loads(self.jws.payload)
self.jws_data["code"] = "invalid"
return False
else:
self.jws_data = json.loads(self.jws_obj.payload.decode())
logger.info("Loaded JWS data.")
self.jws_data["connection_name"] = self._get_connection_name(
self.jws_data["connection"]
)
return True