fix: tests
sattvikc committed Dec 12, 2024
1 parent fc42477 commit 724c97b
Showing 2 changed files with 33 additions and 15 deletions.
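--- a/supertokens_python/recipe/oauth2provider/interfaces.py
+++ b/supertokens_python/recipe/oauth2provider/interfaces.py
@@ -166,24 +166,28 @@ def __init__(
 @staticmethod
 def from_json(json: Dict[str, Any]):
 return TokenInfo(
-access_token=json["access_token"],
+access_token=json.get("access_token"),
 expires_in=json["expires_in"],
-id_token=json["id_token"],
-refresh_token=json["refresh_token"],
+id_token=json.get("id_token"),
+refresh_token=json.get("refresh_token"),
 scope=json["scope"],
 token_type=json["token_type"],
 )
 
 def to_json(self) -> Dict[str, Any]:
-return {
+result = {
 "status": "OK",
-"access_token": self.access_token,
 "expires_in": self.expires_in,
-"id_token": self.id_token,
-"refresh_token": self.refresh_token,
 "scope": self.scope,
 "token_type": self.token_type,
 }
+if self.access_token is not None:
+result["access_token"] = self.access_token
+if self.id_token is not None:
+result["id_token"] = self.id_token
+if self.refresh_token is not None:
+result["refresh_token"] = self.refresh_token
+return result
 
 
 class LoginInfo: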
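Review bot: `from_json` now reads `access_token` with `json.get(...)`, so a token response that lacks it is parsed into a `TokenInfo` with `access_token=None` instead of failing at the lookup, and `to_json` then drops the key without any signal. If a grant or test fixture legitimately omits the access token, record that in a comment on `from_json`, for example `# access_token, id_token and refresh_token may be absent from the token response; missing keys become None and are left out of to_json()`. If an access token is always expected on this path, keeping `json["access_token"]` as a hard lookup would preserve the fail-fast behaviour. The `__init__` signature is outside the hunk, so whether these three parameters are already typed `Optional[str]` cannot be checked here.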
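--- a/supertokens_python/recipe/oauth2provider/recipe_implementation.py
+++ b/supertokens_python/recipe/oauth2provider/recipe_implementation.py
@@ -633,12 +633,26 @@ async def validate_oauth2_access_token(
 # Verify token signature using session recipe's JWKS
 session_recipe = SessionRecipe.get_instance()
 matching_keys = get_latest_keys(session_recipe.config)
-payload = jwt.decode(
-token,
-matching_keys[0].key,
-algorithms=["RS256"],
-options={"verify_signature": True, "verify_exp": True},
-)
+err: Optional[Exception] = None
+
+payload: Dict[str, Any] = {}
+
+for matching_key in matching_keys:
+err = None
+try:
+payload = jwt.decode(
+token,
+matching_key.key,
+algorithms=["RS256"],
+options={"verify_signature": True, "verify_exp": True},
+)
+except Exception as e:
+err = e
+continue
+break
+
+if err is not None:
+raise err
 
 if payload.get("stt") != 1:
 raise Exception("Wrong token type")
@@ -845,7 +859,7 @@ async def introspect_token(
 # If it fails, the token is not active, and we return early
 if is_access_token:
 try:
-payload = await self.validate_oauth2_access_token(
+await self.validate_oauth2_access_token(
 token=token,
 requirements=(
 OAuth2TokenValidationRequirements(scopes=scopes)
@@ -855,7 +869,7 @@ async def introspect_token(
 check_database=False,
 user_context=user_context,
 )
-return ActiveTokenResponse(payload=payload)
+
 except Exception:
 return InactiveTokenResponse()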
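Review bot: In `validate_oauth2_access_token`, an empty `matching_keys` skips the loop with `err` still `None` and `payload` still `{}`, so the token is rejected only because the later `payload.get("stt") != 1` check fails on an empty dict and reports "Wrong token type". Make the fail-closed path explicit before the loop, e.g. `if not matching_keys: raise Exception("No signing keys available to verify the access token")`, so that rejection does not depend on a check that happens to follow. The broad `except Exception` also moves on to the next key after any failure, so a token that verifies under an earlier key but has expired would presumably surface the last key's error instead of the expiry; catching only the signature-mismatch error and re-raising everything else would keep the real cause. The function body starts and continues outside the hunk.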
