Created
June 19, 2019 19:58
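def scoped(scope):
    """Require a verified API key that grants ``scope`` before running a handler.

    The client's API key (sent as x-api-key) is fetched with
    ``get_auth_token(request)`` and verified as an RS256-signed JWS against the
    key returned by ``__get_rsa_key()``. Its JSON payload must carry a
    space-delimited ``scope`` claim that contains the required scope.

    NOTE(review): ``jws.verify`` checks the signature only. No ``exp``/``nbf``
    claim is evaluated anywhere in this decorator, so token lifetime is not
    enforced here -- confirm that this is intended, or validate those claims.

    Args:
        scope (str): The scope required to access the resource

    Returns:
        A decorator for async request handlers. The decorated handler raises
        ``AuthError`` with HTTP status 401 when the key cannot be verified
        (status 101/102) or does not grant ``scope`` (status 103).
    """
    def wrapper(f):
        @wraps(f)
        async def decorated(request, *args, **kwargs):
            token = await get_auth_token(request)

            try:
                # ``algorithms`` is an allowlist: a token whose header names any
                # other algorithm is rejected instead of being trusted.
                payload = jws.verify(token, __get_rsa_key(), algorithms="RS256")
                claims = json.loads(payload.decode("utf8"))
                # The full claim set goes to the debug log verbatim; keep debug
                # logging off (or redact) wherever claims are sensitive.
                logger.debug(f"claims :=> {claims}")
            except jws.JWSSignatureError as exc:
                # NOTE(review): this reports a signature failure as "expired".
                # python-jose appears to re-raise signature mismatches as
                # JWSError, so this branch may never fire -- confirm against
                # the installed version.
                raise AuthError("token is expired; please run renew process", status=101, status_code=401) from exc
            except jws.JWSError as exc:
                raise AuthError("unable to verify api key", status=102, status_code=401) from exc
            except ValueError as exc:
                # Payload was signed but is not UTF-8 JSON: fail as an auth
                # error rather than letting the decode error escape.
                raise AuthError("unable to verify api key", status=102, status_code=401) from exc

            # Fail closed: a missing or non-string ``scope`` claim grants
            # nothing instead of raising KeyError/AttributeError.
            granted = claims.get("scope") if isinstance(claims, dict) else None
            scopes = granted.split() if isinstance(granted, str) else []

            if scope in scopes:
                return await f(request, *args, **kwargs)

            # NOTE(review): 403 is the conventional code for "authenticated but
            # not permitted"; 401 is kept because callers may depend on it.
            raise AuthError("api key not authorized for route", status=103, status_code=401)
        return decorated
    return wrapper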