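def scoped(scope):
    """Require a valid signed API token that carries ``scope``.

    The decorated coroutine fetches the token with ``get_auth_token(request)``
    (the original author describes it as the client id sent in ``x-api-key``),
    verifies its RS256 signature against the key from ``__get_rsa_key()``, and
    only then reads the claims. The wrapped handler runs only when ``scope`` is
    one of the space-separated values of the ``scope`` claim.

    Args:
        scope (str): The scope required to access the resource

    Returns:
        A decorator for ``async`` handlers whose first argument is ``request``.

    Raises:
        AuthError: Raised by the decorated handler, always with
            ``status_code=401``. ``status=101`` for an expired token (or a
            ``JWSSignatureError``), ``status=102`` when the token cannot be
            verified or its payload is malformed, ``status=103`` when the
            required scope is not granted.
    """
    # Local import keeps this block self-contained.
    import time

    def wrapper(f):
        @wraps(f)
        async def decorated(request, *args, **kwargs):
            token = await get_auth_token(request)

            try:
                # The allow-list is passed as a list: with a bare string,
                # an ``in`` check would be a substring match
                # (presumably python-jose's jose.jws -- confirm).
                payload = jws.verify(token, __get_rsa_key(), algorithms=["RS256"])
            except jws.JWSSignatureError:
                # NOTE(review): a signature failure is reported to the client
                # as "expired". Kept because clients may key on status 101;
                # confirm whether 102 is the better mapping.
                raise AuthError("token is expired; please run renew process", status=101, status_code=401)
            except jws.JWSError:
                raise AuthError("unable to verify api key", status=102, status_code=401)

            # A correctly signed token can still carry a payload that is not
            # a JSON object; treat that as unverifiable rather than letting
            # an unhandled exception surface as a server error.
            try:
                claims = json.loads(payload.decode("utf8"))
            except ValueError:
                raise AuthError("unable to verify api key", status=102, status_code=401)
            if not isinstance(claims, dict):
                raise AuthError("unable to verify api key", status=102, status_code=401)

            # Claims may contain user identifiers; keep this at debug level.
            logger.debug(f"claims :=> {claims}")

            # Signature verification alone does not look at registered
            # claims, so enforce ``exp`` here when the issuer set one.
            # NOTE(review): iss/aud/nbf are not checked either -- confirm
            # whether the issuer sets them and validate if so.
            exp = claims.get("exp")
            if exp is not None:
                if isinstance(exp, bool) or not isinstance(exp, (int, float)):
                    raise AuthError("unable to verify api key", status=102, status_code=401)
                if time.time() >= exp:
                    raise AuthError("token is expired; please run renew process", status=101, status_code=401)

            # A missing or non-string ``scope`` claim grants nothing.
            granted = claims.get("scope", "")
            scopes = granted.split() if isinstance(granted, str) else []

            if scope in scopes:
                return await f(request, *args, **kwargs)

            raise AuthError("api key not authorized for route", status=103, status_code=401)

        return decorated

    return wrapper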