Verification of JWT (id_token) https://developers.google.com/identity/sign-in/web/backend-auth
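# Backend verification of a Google Sign-In ID token (a JWT), following
# https://developers.google.com/identity/sign-in/web/backend-auth
#
# NOTE(review): oauth2client is deprecated; Google's current guidance uses the
# google-auth package for this check. The flow below is kept on oauth2client
# because that is what this script imports.
from oauth2client import client, crypt

# (Receive token by HTTPS POST)
# Sample value pasted for demonstration only. An ID token carries the user's
# profile claims and is accepted as proof of identity until it expires, so a
# real backend reads it from the request body and never commits it to source
# control or writes it to logs.
token = 'eyJhbGciOiJSUzI1NiIsImtpZCI6ImQyYzQ4YmFkMzAwMjBhY2U4MzBlZDkzYmQ4MWMzMjhkYzY4NTFhOTMifQ.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-IiwicGljdHVyZSI6Imh0dHBzOi8vbGg0Lmdvb2dsZXVzZXJjb250ZW50LmNvbS8tME9hYkNoaHZMU1kvQUFBQUFBQUFBQUkvQUFBQUFBQUFBLU0vUkFhaHlTaUE2aGsvczk2LWMvcGhvdG8uanBnIiwiZ2l2ZW5fbmFtZSI6ItCQ0LvQtdC60YHQsNC90LTRgCIsImZhbWlseV9uYW1lIjoi0JvQuNGC0LLQuNC90LXQvdC60L4iLCJsb2NhbGUiOiJydS1VQSJ9.LrL5ji_j-oX9Lh78TsoyJXzSQfUaQ3elxg8GOrsHwURxMAY7lboBxtN6g9gfVSIac-vw7GhDA16oBsvVro_sU2V59EkCl0ECwjKirUAdYg4tx-isbDoVdMSiCZgYZHCpd1pCwwN9ShZy5OIQ58JBpwt0Ab5SABNZ34dlmJw9nSB08P8ndhOgbN3KNEH1G3UKy6VD0hAqlEKLU45ktlOkrwpJrUJXNneyqg6QtAgG6ZrBaNLO_KSCEfqGu41AUFSSSmOrhIqcGLdyZqnwSIFUiBT7xMOaHxYsRIJopseKup_SKLXYA4_1hUqACY9dmxw5dIa0AcNfV9O3-AFRfbedSQ'

# OAuth client ID of this application; the token's `aud` claim must match it.
CLIENT_ID = '581786658708-elflankerquo1a6vsckabbhn25hclla0.apps.googleusercontent.com'

try:
    # Passing CLIENT_ID makes the library reject tokens issued for another
    # application, in addition to verifying the signature against Google's
    # published certificates and checking the token's validity period.
    idinfo = client.verify_id_token(token, CLIENT_ID)

    # Or, if multiple clients access the backend server:
    # (with audience=None the library does not check `aud`, so the explicit
    # allow-list test below is mandatory on this path)
    #idinfo = client.verify_id_token(token, None)
    #if idinfo['aud'] not in [CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]:
    #    raise crypt.AppIdentityError("Unrecognized client.")

    # The issuer is checked here explicitly: only tokens minted by Google's
    # account service are accepted.
    if idinfo['iss'] not in ['accounts.google.com', 'https://accounts.google.com']:
        raise crypt.AppIdentityError("Wrong issuer.")

    # `sub` is the stable account identifier; use it (not the e-mail address)
    # as the key for the user record.
    userid = idinfo['sub']

    # If auth request is from a G Suite domain:
    # (`hd` is absent for accounts outside a hosted domain, so use .get() to
    # turn a missing claim into a rejection rather than a KeyError)
    #if idinfo.get('hd') != GSUITE_DOMAIN_NAME:
    #    raise crypt.AppIdentityError("Wrong hosted domain.")
except crypt.AppIdentityError as e:
    # Invalid token: treat the request as unauthenticated. `userid` is not set
    # on this path.
    # print() with a single argument runs on both Python 2 and Python 3.
    print('ERROR!!!!! \n' + str(e))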