Validate iat as int (#252)
* Only validate that iat is an int

* Restore previous

* not
ludeeus committed May 16, 2024
1 parent 994b7fc commit 0788efb
Showing 1 changed file with 9 additions and 0 deletions.
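--- a/pycognito/__init__.py
+++ b/pycognito/__init__.py
@@ -260,6 +260,7 @@ def verify_token(self, token, id_name, token_use):
 issuer=self.user_pool_url,
 options={
 "require": required_claims,
+"verify_iat": False,
 },
 )
 except jwt.PyJWTError as err:
@@ -274,6 +275,14 @@ def verify_token(self, token, id_name, token_use):
 f"Your {id_name!r} token use ({token_use!r}) could not be verified."
 )
 
+if (iat := verified.get("iat")) is not None:
+try:
+int(iat)
+except ValueError as execption:
+raise TokenVerificationException(
+f"Your {id_name!r} token's iat claim is not a valid integer."
+) from execption
+
 # Compute and verify at_hash (formerly done by python-jose)
 if "at_hash" in verified:
 alg_obj = jwt.get_algorithm_by_name(header["alg"])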
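Review bot: In the new iat check in verify_token, `except ValueError` does not cover every way `int(iat)` can fail: a claim decoded as a JSON array or object raises TypeError, and a float infinity (which Python's json module accepts) raises OverflowError, so such tokens surface as raw exceptions instead of TokenVerificationException. Catching all three, `except (TypeError, ValueError, OverflowError) as exception:`, keeps the error contract uniform for callers that handle only TokenVerificationException, and fixes the `execption` spelling along the way. `int()` also accepts numeric strings and truncates floats, so the check is looser than "iat is an int"; if a strict type check is intended, `isinstance(iat, (int, float)) and not isinstance(iat, bool)` states it directly. Because `"verify_iat": False` in the first hunk switches off the library's own iat handling, a comment there such as `# iat is only type-checked below; a future-dated iat is tolerated` would record the trade-off, though that intent is inferred from the commit title and should be confirmed. verify_token starts and ends outside both hunks.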
