vertexcover-io / falcon-auth

A falcon middleware + authentication backends that add an authentication layer to your app/API service.
MIT License

Using JWTAuthBackend, cant verify the token #7

Closed nmarcetic closed 5 years ago

nmarcetic commented 6 years ago

Hi, I am using JWTAuthBackend, here is my setup:

from falcon_auth import JWTAuthBackend

# a loader function to fetch the user from username, password
user_loader = lambda email, password: { 'email': email }
secret_key = 'valar morghulis, valar dohaeris'
auth_backend = JWTAuthBackend(user_loader, secret_key, algorithm='HS256', auth_header_prefix='Bearer',
                leeway=0, expiration_delta=86400, audience=None, issuer='John Snow',
                verify_claims=None, required_claims=None)

To generate the user token:

import datetime

# payload passed to the backend; `user` is the dict returned by user_loader
user_payload = {
    'subject': user['email'],
    "issuer": "John Snow",
    "expires_at": str(datetime.datetime.utcnow() + datetime.timedelta(hours=10)),
    "issued_at": str(datetime.datetime.utcnow()),
}
jwt = auth_backend.get_auth_token(user_payload)

And in my main.py:

import falcon
from falcon_auth import FalconAuthMiddleware, JWTAuthBackend

###
# Set Auth
###
# a loader function to fetch the user from username, password
user_loader = lambda email, password: { 'email': email }
secret_key = 'valar morghulis, valar dohaeris'
auth_backend = JWTAuthBackend(user_loader, secret_key, algorithm='HS256', auth_header_prefix='Bearer',
                leeway=0, expiration_delta=86400, audience=None, issuer='John Snow',
                verify_claims=None, required_claims=None)
auth_middleware = FalconAuthMiddleware(auth_backend)
app = falcon.API(middleware=[auth_middleware])

I am able to generate the user token, but when I need to verify it (accessing a protected route) I am getting the error:

{
    "title": "401 Unauthorized",
    "description": "Token is missing the \"iss\" claim"
}

I tried changing verify_claims=['iss', 'exp'] etc., all variants, and I always get this error ^. Any idea what can be wrong? Maybe you can provide me an example of how to avoid any claims (they are all optional).

Thanks!

nmarcetic commented 6 years ago

I don't see iss checking here:
https://github.com/loanzen/falcon-auth/blob/ec5a62bb0802d48721a70341179c1e0c1a1e8ffc/falcon_auth/backends.py#L235

nmarcetic commented 6 years ago

I removed the issuer field; it's optional in the pyjwt lib.

JWTAuthBackend(user_loader, secret_key, algorithm='HS256', auth_header_prefix='Bearer',
                leeway=0, expiration_delta=86400, audience=None, issuer='John Snow',
                verify_claims=None, required_claims=None)

Everything works as expected. I think this is definitely a bug: the iss check is missing here, and so is adding it to the payload. I can send a PR if you confirm this as a bug?

kgritesh commented 6 years ago

@nmarcetic Thanks for pointing this out. Yes, I agree it's a bug; I forgot to check if issuer is set and am not adding it to the payload. I would love it if you could send a PR. Otherwise, I am happy to provide it myself.
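As an added illustration of the failure discussed in this thread (example code, not falcon-auth's own implementation): a minimal HS256 JWT builder and verifier in plain Python with no PyJWT dependency. The verifier enforces the configured issuer, while the builder can be told to skip writing the `iss` claim, which reproduces the 401 message above. The key, e-mail address and claim layout are constructed sample values.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

SECRET = b"valar morghulis, valar dohaeris"  # constructed sample key, as in the thread

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _sign(signing_input: bytes, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input, hashlib.sha256).digest()

def build_token(user: dict, secret: bytes, issuer: Optional[str], add_iss: bool) -> str:
    # add_iss=False reproduces the reported bug: the backend is configured with an
    # issuer, but the generator never writes the 'iss' claim into the payload.
    now = int(time.time())
    claims = {"user": user, "iat": now, "exp": now + 86400}
    if issuer is not None and add_iss:
        claims["iss"] = issuer
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = _sign(f"{header}.{payload}".encode(), secret)
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_token(token: str, secret: bytes, issuer: Optional[str], leeway: int = 0) -> dict:
    # Returns the claims, or raises ValueError with a message like the 401 body above.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("Malformed token")
    h, p, s = parts
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":  # pin the algorithm
        raise ValueError("Unexpected algorithm")
    if not hmac.compare_digest(_sign(f"{h}.{p}".encode(), secret), _b64url_decode(s)):
        raise ValueError("Invalid signature")  # signature before any claim checks
    claims = json.loads(_b64url_decode(p))
    if claims.get("exp", 0) < time.time() - leeway:
        raise ValueError('Token has expired or lacks the "exp" claim')
    if issuer is not None:  # the issuer check this thread says was missing
        if "iss" not in claims:
            raise ValueError('Token is missing the "iss" claim')
        if claims["iss"] != issuer:
            raise ValueError("Invalid issuer")
    return claims
```

With issuer=None on the verifier side the same token without `iss` verifies, which matches the workaround reported in the thread.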

yuvarajancitspl commented 5 years ago

Hi @kgritesh, this issue is still available. Please update the changes as suggested by @nmarcetic, thanks :)

jcwilson commented 5 years ago

I believe this was addressed by #15.

Please re-open or create a new issue if that's not the case.