In [15]:
#installing a pip package in the current Jupyter Kernel
import sys
!{sys.executable} -m pip install python-jose

Collecting python-jose
  Downloading python_jose-3.3.0-py2.py3-none-any.whl (33 kB)
Collecting ecdsa!=0.15
  Downloading ecdsa-0.18.0-py2.py3-none-any.whl (142 kB)
     -------------------------------------- 142.9/142.9 kB 1.7 MB/s eta 0:00:00
Collecting pyasn1
  Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)
     ---------------------------------------- 77.1/77.1 kB ? eta 0:00:00
Collecting rsa
  Downloading rsa-4.9-py3-none-any.whl (34 kB)
Installing collected packages: pyasn1, rsa, ecdsa, python-jose
Successfully installed ecdsa-0.18.0 pyasn1-0.4.8 python-jose-3.3.0 rsa-4.9


In [17]:
import json
from jose import jwt
from urllib.request import urlopen

In [18]:
#configurations
AUTH0_DOMAIN = 'dev-i15j0m76.us.auth0.com'
ALGORITHMS = ['RS256']
API_AUDIENCE = 'image'


In [29]:
"""
AuthError Exception
A standard way to communicate auth failure modes
"""
class AuthError(Exception):

    def __init__(self, error, status_code):
        self.error = error
        self.status_code = status_code

In [21]:
token = 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InEtVDRSTkhSV0ZwVm1CUUFMaEI2YiJ9.eyJpc3MiOiJodHRwczovL2Rldi1pMTVqMG03Ni51cy5hdXRoMC5jb20vIiwic3ViIjoiYXV0aDB8NjMyZGJkOGM0OWY0MTA2NmZkMmU5MWI2IiwiYXVkIjoiaW1hZ2UiLCJpYXQiOjE2NjM5NjU1MTcsImV4cCI6MTY2Mzk3MjcxNywiYXpwIjoiWkxkTXljY0tYbXZ0VTczdXFRdVVwaW14SXZLRFdxQVgiLCJzY29wZSI6IiJ9.aNZHyijb23rvc1gyw-TAdE-GYo-hoPPhehAr1a6LWA2ajWPT9M5f-pJuydag1Ef0AZsECYPermJhKHc5OZZqZqfqw8PqAX8gy1rrAULHZ390qH5CcY7LwXBAE6htJENhdS1JDFHmLmu2h5ILSUST2is2oqOR5SE4mHBL9kUhkBz37750dj6TX9RycAt1-YD2BRu81sWIkn61LzeRs9bpscyVrTEFQ2fqc5m-D89ZTkLlVhmIYNv60BLbl0YfGEWCgleCCdS0ZLA0AZw2a-iRGv3cAbSZVbvrQUFAIcSTMn3RH8FXmsphvJQRFyfQbdOi2Xs9F2aK31R8JWYfdjASaQ'


In [27]:
def verify_decode_jwt(token):
    jsonurl = urlopen(f"https://{AUTH0_DOMAIN}/.well-known/jwks.json")
    jwks = json.loads(jsonurl.read())

    #GET THE DATA IN THE HEADER
    unverified_header = jwt.get_unverified_header(token)

    #Choosing my key
    rsa_key={}
    if 'kid' not in unverified_header:
        raise AuthError({
            'code':'invalid header',
            'description':'Authorization malformed'
        })

    for key in jwks['keys']:
        if key['kid'] == unverified_header['kid']:
            rsa_key={
                'kty': key['kty'],
                'kid': key['kid'],
                'use': key['use'],
                'n': key['n'],
                'e': key['e']
            }
    if rsa_key:
        try:
            #USE THE KEY TO VALIDATE THE JWT
            payload = jwt.decode(
                token,
                rsa_key,
                algorithms=ALGORITHMS,
                audience=API_AUDIENCE,
                issuer='https://'+ AUTH0_DOMAIN + '/' 
            )

            return payload

        except jwt.ExpiredSignatureError:
            raise AuthError({
                'code':'Token Expired',
                'desciption':'Token Expired'
            }, 401)

        except jwt.JWTClaimsError:
            raise AuthError({
                'code': 'invalid_claims',
                'description': 'Incorrect claims. Please, check the audience and issuer.'
            }, 401)
        except Exception:
            raise AuthError({
                'code': 'invalid_header',
                'description': 'Unable to parse authentication token.'
            }, 400)
    raise AuthError({
                'code': 'invalid_header',
                'description': 'Unable to find the appropriate key.'
            }, 400)



In [28]:
verify_decode_jwt(token)

{'iss': 'https://dev-i15j0m76.us.auth0.com/',
 'sub': 'auth0|632dbd8c49f41066fd2e91b6',
 'aud': 'image',
 'iat': 1663965517,
 'exp': 1663972717,
 'azp': 'ZLdMyccKXmvtU73uqQuUpimxIvKDWqAX',
 'scope': ''}

In [30]:
jsonurl = urlopen(f"https://{AUTH0_DOMAIN}/.well-known/jwks.json")
jwks = json.loads(jsonurl.read())
print(jwks)

{'keys': [{'alg': 'RS256', 'kty': 'RSA', 'use': 'sig', 'n': 'w8eUm6bAa9nYOFFQihvdbuW3WS3ERy3CyUDaLw1S3jRiDlHE_r-RnJwJ0t_G4SihOrNhB1Pa2awDv8k9IK4U8zGc5iADSQYQFsWv47XisYm1Ki9a-iNomyI8qMAdzg_Ee0u9F5Amk7q6_aiCdPucuwJhuvwOKJSxCyGnscl0oomX1IeKxSNsHTXw4uA8mSVaLTapas4jttg8Bu25CFTZ14aif5t5G8gHz1WvwNpECcxteWyvNe_0HCLBx_DhHCqhADe7DXCLtJQrbAbICFT0YzbexGGZ97BYJvmaLTgIu6z_VeGHziHMWPi25fGyKAqDomgBoLAw4SK2Vd5kexL6yw', 'e': 'AQAB', 'kid': 'q-T4RNHRWFpVmBQALhB6b', 'x5t': '_USwZuXjj_NVu6Hyo4ozlEtXofc', 'x5c': ['MIIDDTCCAfWgAwIBAgIJeFzvMKjUEkFCMA0GCSqGSIb3DQEBCwUAMCQxIjAgBgNVBAMTGWRldi1pMTVqMG03Ni51cy5hdXRoMC5jb20wHhcNMjIwOTIyMTkzMjIzWhcNMzYwNTMxMTkzMjIzWjAkMSIwIAYDVQQDExlkZXYtaTE1ajBtNzYudXMuYXV0aDAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8eUm6bAa9nYOFFQihvdbuW3WS3ERy3CyUDaLw1S3jRiDlHE/r+RnJwJ0t/G4SihOrNhB1Pa2awDv8k9IK4U8zGc5iADSQYQFsWv47XisYm1Ki9a+iNomyI8qMAdzg/Ee0u9F5Amk7q6/aiCdPucuwJhuvwOKJSxCyGnscl0oomX1IeKxSNsHTXw4uA8mSVaLTapas4jttg8Bu25CFTZ14aif5t5G8gHz1WvwNpECcxteWyvNe/0HCLBx/DhHCqhADe7DX

In [31]:
unverified_header = jwt.get_unverified_header(token)

In [32]:
print(unverified_header)

{'alg': 'RS256', 'typ': 'JWT', 'kid': 'q-T4RNHRWFpVmBQALhB6b'}


In [34]:
if 'kid' in unverified_header:
    print('kid')

kid


In [36]:
for key in jwks['keys']:
    if key['kid'] == unverified_header['kid']:
        print(key)

{'alg': 'RS256', 'kty': 'RSA', 'use': 'sig', 'n': 'w8eUm6bAa9nYOFFQihvdbuW3WS3ERy3CyUDaLw1S3jRiDlHE_r-RnJwJ0t_G4SihOrNhB1Pa2awDv8k9IK4U8zGc5iADSQYQFsWv47XisYm1Ki9a-iNomyI8qMAdzg_Ee0u9F5Amk7q6_aiCdPucuwJhuvwOKJSxCyGnscl0oomX1IeKxSNsHTXw4uA8mSVaLTapas4jttg8Bu25CFTZ14aif5t5G8gHz1WvwNpECcxteWyvNe_0HCLBx_DhHCqhADe7DXCLtJQrbAbICFT0YzbexGGZ97BYJvmaLTgIu6z_VeGHziHMWPi25fGyKAqDomgBoLAw4SK2Vd5kexL6yw', 'e': 'AQAB', 'kid': 'q-T4RNHRWFpVmBQALhB6b', 'x5t': '_USwZuXjj_NVu6Hyo4ozlEtXofc', 'x5c': ['MIIDDTCCAfWgAwIBAgIJeFzvMKjUEkFCMA0GCSqGSIb3DQEBCwUAMCQxIjAgBgNVBAMTGWRldi1pMTVqMG03Ni51cy5hdXRoMC5jb20wHhcNMjIwOTIyMTkzMjIzWhcNMzYwNTMxMTkzMjIzWjAkMSIwIAYDVQQDExlkZXYtaTE1ajBtNzYudXMuYXV0aDAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8eUm6bAa9nYOFFQihvdbuW3WS3ERy3CyUDaLw1S3jRiDlHE/r+RnJwJ0t/G4SihOrNhB1Pa2awDv8k9IK4U8zGc5iADSQYQFsWv47XisYm1Ki9a+iNomyI8qMAdzg/Ee0u9F5Amk7q6/aiCdPucuwJhuvwOKJSxCyGnscl0oomX1IeKxSNsHTXw4uA8mSVaLTapas4jttg8Bu25CFTZ14aif5t5G8gHz1WvwNpECcxteWyvNe/0HCLBx/DhHCqhADe7DXCLtJQrbAbI