okta / okta-jwt-verifier-python
https://github.com/okta/okta-jwt-verifier-python
Apache License 2.0

Suggested feature: verify token scopes #29

Closed SpicySyntax closed 2 years ago

SpicySyntax commented 2 years ago

Firstly I think it is great that this project exists and wanted to say thanks! I have had to write my own python library for doing some of these functions, and I am glad I might be able to use this as an alternative.

In looking through the source code, I noticed there is not a mechanism for verifying the scopes on JWTs. Is that something that might be worth adding? Or is this type of token authorization to be done strictly with claims? I am still at the beginning of my OIDC journey with Okta, so let me know if this question doesn't make sense.

Thanks!

serhiibuniak-okta commented 2 years ago

@SpicySyntax Thanks for using our library. You can check scopes using this library:

from okta_jwt_verifier import JWTUtils

# token: the raw JWT string (assumed to be supplied by the caller).
# parse_token only decodes the token; it does not check the signature,
# so verify the token with JWTVerifier first and only then inspect claims.
headers, claims, sign_input, signature = JWTUtils.parse_token(token)
# or simpler if you need only claims:
# _, claims, _, _ = JWTUtils.parse_token(token)
assert claims['scp'] == ['openid']
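As an added example (not code from the library or from either commenter), here is a scope check built around the `scp` claim the reply points at. It assumes the claims dict comes from `JWTUtils.parse_token` after `JWTVerifier` has verified the token; the local `parse_claims` helper and the constructed sample token stand in for that so the example runs offline, and it deliberately tests set inclusion rather than equality so a token carrying extra scopes is not rejected.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


# Constructed sample token for offline demonstration only; the signature
# segment is a placeholder, so nothing here stands for a verified token.
SAMPLE_TOKEN = ".".join([
    _b64url(json.dumps({"alg": "RS256", "kid": "constructed"}).encode()),
    _b64url(json.dumps({"sub": "user@example.com",
                        "scp": ["openid", "profile", "orders:read"]}).encode()),
    "placeholder-signature",
])


def parse_claims(token: str) -> dict:
    """Decode the payload segment only (stand-in for JWTUtils.parse_token).
    Like parse_token, this checks no signature: verify first, then inspect."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_scopes(claims: dict) -> set:
    """Okta access tokens carry granted scopes in 'scp' as a list; some
    issuers use a space-delimited 'scope' string. Normalise both to a set."""
    scp = claims.get("scp")
    if isinstance(scp, list):
        return set(scp)
    if isinstance(scp, str):
        return set(scp.split())
    scope = claims.get("scope")
    if isinstance(scope, str):
        return set(scope.split())
    return set()  # no scope claim at all: grant nothing


def has_required_scopes(claims: dict, required) -> bool:
    """True only when every required scope was granted (subset test, so
    additional scopes on the token do not cause a spurious rejection)."""
    return set(required) <= token_scopes(claims)


def missing_scopes(claims: dict, required) -> set:
    """The scopes an endpoint needs that this token does not carry."""
    return set(required) - token_scopes(claims)
```

Use `missing_scopes` to populate the `insufficient_scope` error detail in a 403 response rather than echoing the whole claim set back to the client.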