Validation of Databricks JWT tokens

[milieere]

Hi everyone,

I would like to discuss the validation of Databricks JWT tokens. I built an app that uses Databricks OAuth. I want to add a feature that validates JWT tokens. What is recommended in this case? Ideally and if possible, I'd like to check the JWT signature. I haven't found any mention in the docs about this.

Currently, I do some basic check like this, however, this is not satisfactory for me:

def check_header_token(authorization_header_token: str):
    token = re.sub(r'(?i)bearer\s+', '', authorization_header_token)
    token = Token(access_token=token)
    credential_provider = Refreshable(token=token)
    claims = credential_provider._token.jwt_claims()
                
    if 'exp' in claims:
        expiration_time = float(claims['exp'])
        current_time = time.time()

        if current_time > expiration_time or current_time + 4 * 60 > expiration_time:
            raise GraphQLError("Token expired")
    
    else:
        raise GraphQLError("Token invalid - missing expiry time")
    
    return claims, credential_provider

Any tips or ideas? :) Thanks!