Closed nmarcetic closed 5 years ago
I don't see iss checking here:
https://github.com/loanzen/falcon-auth/blob/ec5a62bb0802d48721a70341179c1e0c1a1e8ffc/falcon_auth/backends.py#L235
I removed the issuer field; it's optional in the pyjwt lib.
JWTAuthBackend(user_loader, secret_key, algorithm='HS256', auth_header_prefix='Bearer',
leeway=0, expiration_delta=86400, audience=None, issuer='John Snow',
verify_claims=None, required_claims=None)
Everything works as expected. Think this is definitely a bug: missing iss checking here and adding to payload. I can send a PR if you confirm this as a bug?
@nmarcetic Thanks for pointing this out. Yes, I agree it's a bug; I forgot to check if issuer is set and am not adding it to the payload. I would love it if you could send a PR. Otherwise, I am happy to provide it myself.
Hi @kgritesh, this issue is still available. Please update the changes as suggested by @nmarcetic. Thanks :)
I believe this was addressed by #15.
Please re-open or create a new issue if that's not the case.
Hi, I am using JWTAuthBackend, here is my setup
To generate user token
And in my main.py
I am able to generate user token, but when I need to verify it (accessing protected route) I am getting the error
I tried to change verify_claims=['iss', 'exp'] etc... all variants, always getting this error ^ Any idea what can be wrong? Maybe you can provide me an example of how to avoid any claims (they are all optional).
Thanks!
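The mismatch discussed in this thread, as an added example that is not falcon-auth or PyJWT code: a standard-library HS256 sketch in which a token issued without `iss` is rejected by a verifier configured with an issuer. The function names, error strings and secret are hypothetical and constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret: bytes, signing_input: str) -> bytes:
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256)
    return _b64(mac.digest()).encode()

def issue_token(secret, user_id, issuer=None, add_iss=True, ttl=86400):
    """Build an HS256 JWT. add_iss=False reproduces the reported gap:
    an issuer is configured but never written into the payload."""
    now = int(time.time())
    payload = {"user": user_id, "iat": now, "exp": now + ttl}
    if issuer is not None and add_iss:
        payload["iss"] = issuer
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(payload).encode())
    sig = _sign(secret, f"{header}.{body}").decode()
    return f"{header}.{body}.{sig}"

def verify_token(secret, token, issuer=None):
    """Return the payload, or raise ValueError naming the failed check."""
    try:
        header, body, sig = token.split(".")
        alg = json.loads(_unb64(header))["alg"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    if alg != "HS256":  # pin the algorithm; never trust the header's choice
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sig.encode(), _sign(secret, f"{header}.{body}")):
        raise ValueError("bad signature")
    payload = json.loads(_unb64(body))
    if payload.get("exp", 0) <= time.time():
        raise ValueError("expired or missing exp")
    if issuer is not None:  # only enforced when an issuer is configured
        if "iss" not in payload:
            raise ValueError("missing iss claim")
        if payload["iss"] != issuer:
            raise ValueError("wrong issuer")
    return payload

SECRET = b"constructed-demo-secret"  # constructed sample value
buggy = issue_token(SECRET, "u1", issuer="John Snow", add_iss=False)
fixed = issue_token(SECRET, "u1", issuer="John Snow")
```

Verifying `buggy` with `issuer="John Snow"` fails on the missing claim, while verifying it with no issuer configured succeeds, which matches the observation above that removing the issuer made everything work.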