This repository was archived by the owner on Jun 1, 2023. It is now read-only.

Commit ebcd922

committed
More checks and a bunch of new tests.
1 parent e872ed1 commit ebcd922


2 files changed

+387
-2
lines changed


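--- a/src/oidcmsg/oidc/__init__.py
+++ b/src/oidcmsg/oidc/__init__.py
@@ -9,6 +9,7 @@
 import time
 
 from cryptojwt import as_unicode
+from cryptojwt.jws.jws import factory as jws_factory
 from cryptojwt.jws.utils import left_hash
 from cryptojwt.jwt import JWT
 
@@ -274,6 +275,19 @@ def verify_id_token(msg, check_hash=False, **kwargs):
 args[arg] = kwargs[arg]
 except KeyError:
 pass
+
+_jws = jws_factory(msg["id_token"])
+if not _jws:
+raise ValueError('id_token not a signed JWT')
+
+_body = _jws.jwt.payload()
+if 'keyjar' in kwargs:
+try:
+if _body['iss'] not in kwargs['keyjar']:
+raise ValueError('Unknown issuer')
+except KeyError:
+raise MissingRequiredAttribute('iss')
+
 idt = IdToken().from_jwt(str(msg["id_token"]), **args)
 if not idt.verify(**kwargs):
 return False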
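Review bot: The new pre-check in verify_id_token reads `_body['iss']` from `_jws.jwt.payload()` before any signature verification and catches only `KeyError`, so a token whose payload is not a JSON object (payload() appears to fall back to the raw string when decoding fails) would surface as an uncaught `TypeError` instead of a validation error; a guard such as `if not isinstance(_body, dict): raise ValueError('id_token payload is not a JSON object')` keeps the failure mode uniform. The `try` also wraps the keyjar membership test, so a `KeyError` raised inside the keyjar would be misreported as a missing `iss`; reading `iss` inside the `try` and testing membership after it avoids that. Since the code treats a false result from `jws_factory` as "not a signed JWT", an encrypted ID token would presumably be rejected here before `from_jwt` gets a chance to decrypt it, which is worth confirming as intended. A comment like `# claims are unverified here; used only to reject unknown issuers before signature verification` would make the trust boundary explicit for the next reader. The function starts and ends outside the hunk, so how `msg` and `kwargs` are prepared earlier is not visible.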
