lucasjensen/TheGrapefruitsDuo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
63f50dd1c7b6a47ce804912d2dc0a347d13d04ab
TheGrapefruitsDuo/server/app/admin/oauth_token.py
Lucas Jensen 5d67c0c2b2 initial commit
2024-05-01 09:19:01 -07:00

28 lines
897 B
Python
Raw Blame History

from os import getenv
from fastapi.security.http import HTTPAuthorizationCredentials
from google.auth import jwt
from icecream import ic
def _token_claims(token: HTTPAuthorizationCredentials) -> dict:
aud = getenv("AUDIENCE")
credentials = token.credentials
claims = jwt.decode(credentials, aud, verify=False)
if not claims:
raise ValueError("Invalid token")
if claims.get("aud") != aud:
raise ValueError("Invalid audience")
if claims.get("email_verified") is not True:
raise ValueError("Email not verified")
if not claims.get("email"):
raise ValueError("Email not found in token")
if not claims.get("sub"):
raise ValueError("Sub not found in token")
return claims
def email_and_sub(token: HTTPAuthorizationCredentials) -> tuple[str, str]:
claims = _token_claims(token)
return claims["email"], claims["sub"]
Reference in New Issue View Git Blame Copy Permalink