From 46420fc28f8f848f0ff75ff8a6d2ee0582302f94 Mon Sep 17 00:00:00 2001
From: Maxim
Date: Sun, 2 Oct 2022 02:27:56 +0300
Subject: [PATCH 1/3] Make audiences nullable
---
 fastapi_security/oauth2.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fastapi_security/oauth2.py b/fastapi_security/oauth2.py
index 224814f..d26457c 100644
--- a/fastapi_security/oauth2.py
+++ b/fastapi_security/oauth2.py
@@ -41,7 +41,7 @@ def __init__(self):
 def init(
 self,
 jwks_url: str,
- audiences: Iterable[str],
+ audiences: Optional[Union[str, Iterable[str]]],
 *,
 jwks_cache_period: int = DEFAULT_JWKS_RESPONSE_CACHE_PERIOD,
 ):
@@ -52,7 +52,7 @@ def init(
 The JWKS endpoint to fetch the public keys from. Usually in the format:
 "https://domain/.well-known/jwks.json"
 audiences:
- Accepted `aud` values for incoming access tokens
+ Accepted `aud` values for incoming access tokens. Could be a list of string, a string or None.
 jwks_cache_period:
 How many seconds to cache the JWKS response. Defaults to 1 hour.
 """
@@ -66,7 +66,7 @@ def init(
 )
 self._jwks_url = jwks_url
 self._jwks_cache_period = float(jwks_cache_period)
- self._audiences = list(audiences)
+ self._audiences = audiences
 
 def is_configured(self) -> bool:
 return bool(self._jwks_url)
From 997937cb0223ca19d8739f2326a8d1b92fce0434 Mon Sep 17 00:00:00 2001
From: Maxim
Date: Sun, 2 Oct 2022 02:42:19 +0300
Subject: [PATCH 2/3] Also allow for other options
---
 fastapi_security/oauth2.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fastapi_security/oauth2.py b/fastapi_security/oauth2.py
index d26457c..3ca7eef 100644
--- a/fastapi_security/oauth2.py
+++ b/fastapi_security/oauth2.py
@@ -44,6 +44,7 @@ def init(
 audiences: Optional[Union[str, Iterable[str]]],
 *,
 jwks_cache_period: int = DEFAULT_JWKS_RESPONSE_CACHE_PERIOD,
+ decode_options: dict = None
 ):
 """Set up Oauth 2.0 JWT validation
 
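Review bot: Accepting `None` for `audiences` in the `init()` signature (PATCH 1/3, hunk `@@ -41,7 +41,7 @@`) makes audience validation optional, and neither the signature nor the docstring line changed in the next hunk says what `None` does to incoming tokens. The value is later passed as `audience=self._audiences` to `jwt.decode`; as far as I know PyJWT then accepts a token that carries no `aud` claim at all, which should be confirmed against the pinned PyJWT version and would mean tokens are no longer bound to this API. I would say so in the docstring, for example `None disables the audience restriction: only tokens without an aud claim are accepted`, and consider an explicit opt-in instead of a bare `None`. `init()` starts and ends outside this hunk.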
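Review bot: Dropping the `list(...)` copy on `self._audiences = audiences` (PATCH 1/3, hunk `@@ -66,7 +66,7 @@`) stores whatever object the caller passed, so a one-shot iterable such as a generator is consumed by the first token check and later checks see it empty, and a list the caller mutates afterwards silently changes which audiences are accepted. Normalising once keeps the accepted set fixed: `self._audiences = None if audiences is None else [audiences] if isinstance(audiences, str) else list(audiences)`. The rest of `init()` lies outside this hunk.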
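Review bot: The default `decode_options: dict = None` (PATCH 2/3, hunk `@@ -44,6 +44,7 @@`) is stored unchanged by the `@@ -67,6 +68,7 @@` hunk and unpacked as `**self._decode_options` in `_decode_jwt_token` by the `@@ -161,4 +163,4 @@` hunk, so every caller that does not pass the argument gets a `TypeError` on each token decode, because `**None` is not a mapping. Declare it as `decode_options: Optional[Dict[str, Any]] = None,` and store a copy with `self._decode_options = dict(decode_options or {})`. If `__init__`, which is outside these hunks, does not also set `_decode_options`, the attribute is missing until `init()` has run.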
@@ -67,6 +68,7 @@ def init(
 self._jwks_url = jwks_url
 self._jwks_cache_period = float(jwks_cache_period)
 self._audiences = audiences
+ self._decode_options = decode_options
 
 def is_configured(self) -> bool:
 return bool(self._jwks_url)
@@ -161,4 +163,4 @@ def _decode_jwt_token(
 self, public_key: _RSAPublicKey, access_token: str
 ) -> Dict[str, Any]:
 # NOTE: jwt.decode has erroneously set key: str
- return jwt.decode(access_token, key=public_key, audience=self._audiences, algorithms=["RS256"]) # type: ignore
+ return jwt.decode(access_token, key=public_key, audience=self._audiences, algorithms=["RS256"], **self._decode_options) # type: ignore
From 999ce5876a04cfa915b2a49a220ede931cde3ccd Mon Sep 17 00:00:00 2001
From: Maxim
Date: Sun, 2 Oct 2022 02:44:24 +0300
Subject: [PATCH 3/3] Document the option
---
 fastapi_security/oauth2.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/fastapi_security/oauth2.py b/fastapi_security/oauth2.py
index 3ca7eef..ae78d35 100644
--- a/fastapi_security/oauth2.py
+++ b/fastapi_security/oauth2.py
@@ -56,6 +56,8 @@ def init(
 Accepted `aud` values for incoming access tokens. Could be a list of string, a string or None.
 jwks_cache_period:
 How many seconds to cache the JWKS response. Defaults to 1 hour.
+ decode_options:
+ Other options for PyJWT's decode function.
 """
 if aiohttp is None:
 raise MissingDependency(
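Review bot: Forwarding `**self._decode_options` verbatim into `jwt.decode` (PATCH 2/3, hunk `@@ -161,4 +163,4 @@`) lets configuration switch off the checks this class exists to enforce, since PyJWT's `options` argument accepts `verify_signature`, `verify_exp` and `verify_aud`. A key named `key`, `audience` or `algorithms` would also collide with the explicit keyword arguments and raise `TypeError` at decode time, not when `init()` is called. I would validate the mapping in `init()` before storing it, as sketched below, and have the docstring added in PATCH 3/3 name the keys that are supported. `_decode_jwt_token` and `init()` both begin outside their hunks.

```python
        self._audiences = audiences
        # Copy so later caller-side mutation cannot change validation, and so
        # the default of None unpacks as an empty mapping.
        decode_options = dict(decode_options or {})
        reserved = {"key", "audience", "algorithms"} & decode_options.keys()
        if reserved:
            raise ValueError(f"decode_options may not override: {sorted(reserved)}")
        if decode_options.get("options", {}).get("verify_signature") is False:
            raise ValueError("decode_options must not disable signature verification")
        self._decode_options = decode_options
        # … unchanged: is_configured() …
```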