Hello, to make existing code more usable, I propose reimagining the OpenIDMixin.parse_id_token method. This method contains an inline function definition def load_key(header, _), and I don't see any reason why this function is not a method of the OpenIDMixin. Moreover, this function uses other self.methods, which marks they as a method of OpenIDMixin rather than a standalone function. Lastly, if it were a method, it could be easily tested and used for other purposes. For example, at present, there's a minor bug in functionality as it does not raise an error if new keys are loaded but still do not contain the desired 'kid'.
Before:
# authlib\integrations\base_client\sync_openid.py
class OpenIDMixin(object):
...
def parse_id_token(self, token, nonce, claims_options=None, leeway=120):
"""Return an instance of UserInfo from token's ``id_token``."""
if 'id_token' not in token:
return None
def load_key(header, _):
jwk_set = JsonWebKey.import_key_set(self.fetch_jwk_set())
try:
return jwk_set.find_by_kid(header.get('kid'))
except ValueError:
# re-try with new jwk set
jwk_set = JsonWebKey.import_key_set(self.fetch_jwk_set(force=True))
return jwk_set.find_by_kid(header.get('kid'))
...
After suggested refactoring:
# authlib\integrations\base_client\sync_openid.py
class OpenIDMixin(object):
...
def load_key(self, header, force=False):
jwk_set = JsonWebKey.import_key_set(self.fetch_jwk_set())
try:
return jwk_set.find_by_kid(header.get('kid'))
except ValueError:
if not force: # re-try with new jwk set
return self.load_key(header, force=True)
raise RuntimeError('Missing "kid" in "jwk_set"')
def parse_id_token(self, token, nonce, claims_options=None, leeway=120):
"""Return an instance of UserInfo from token's ``id_token``."""
if 'id_token' not in token:
return None
...
claims = _jwt.decode(
token['id_token'], key=self.load_key,
...
)
...
Hello, to make existing code more usable, I propose reimagining the
OpenIDMixin.parse_id_token method. This method contains an inline function definitiondef load_key(header, _), and I don't see any reason why this function is not a method of theOpenIDMixin. Moreover, this function uses other self.methods, which marks they as a method of OpenIDMixin rather than a standalone function. Lastly, if it were a method, it could be easily tested and used for other purposes. For example, at present, there's a minor bug in functionality as it does not raise an error if new keys are loaded but still do not contain the desired 'kid'.Before:
After suggested refactoring: