Sending JWT headers to user_loader function #37
Conversation
|
Added a new parameter to This scheme is used by Azure authentication. Because this scheme is still a "JWT auth", I think it belongs in this class. But the class has a hard dependency on being given a string public key in the constructor, which isn't needed for the key discovery workflow. I decided not to remove this parameter because I'm not sure I want to be responsible for asking for breaking changes. :) But done properly, I'd do some refactoring to make it or key_discovery_url required, but not both. |
|
It appears the travis-ci builds are failing because Python 2.0 and 3.3 don't exist there? I'll look into increasing the test coverage for my PR... |
|
I wrote a test that I feel covers what I need it to, but I'm struggling with getting the two checks to pass. Could a more experienced developer provide advice? I'm not sure what's wrong with Python 2.7 in the travis-ci build, and I feel that trying to get another 0.9% test coverage in my changes will lead me in a direction where I'm testing that urllib works? Thanks! |
Trying to fix #36 .
I moved the
get_headerout of_decode_jwt_tokenand intoauthenticate, so I could use the token a second time. Then calledjwt.get_unverified_header, documented here https://pyjwt.readthedocs.io/en/latest/usage.html#reading-headers-without-validation.I send the headers as a second parameter to
user_loader, and to maintain backwards compatibility I catch theTypeErrorand call the old version ofuser_loaderin the catch block.No tests because I haven't figured out Python unit testing yet. >.> (I'm primarily a C# developer...) Let me know if you think they need to be added, I'll figure them out soon enough for my project.