lgtm 🏄
mbq/tokens/decoder.py
Outdated
@@ -31,7 +31,7 @@ def __init__(self, certificate=None, allowed_audiences=None): | |||
|
|||
self._allowed_audiences = set(allowed_audiences) | |||
|
|||
def decode(self, token): | |||
def decode(self, token, verify_audience=True): |
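Review bot: The `verify_audience=True` parameter added to `decode` can be passed positionally and has no docstring, so a call such as `decode(token, False)` turns off the check against `self._allowed_audiences` without that being obvious at the call site. Make it keyword-only (`def decode(self, token, *, verify_audience=True):`) or move the relaxed behaviour to a separately named method, and document which checks still apply when the audience is not verified.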
There's an argument here that we shouldn't allow users of mbq.tokens to shoot themselves in the foot or knowingly avoid checking the audience because it's "easier."
Another approach would be to provide a separate method Decoder.decode_foreign_token (with a better name) that has the same functionality but doesn't give the caller the impression that they can use it whenever they want a more relaxed decoder.
Updated, totally open to suggestions on the name!
Looks great!
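The separate-method design discussed in this thread, sketched as an added example; it is not code from the PR or from mbq.tokens. It assumes an HS256 shared key in place of the certificate-based verification, and the bodies of `make_jwt` and `_verified_claims` and the sample claims are hypothetical.

```python
# Added example (not mbq.tokens code); assumes an HS256 shared key, constructed tokens.
import base64
import hmac
import json
import time

class TokenError(Exception):
    """Raised for any token that fails validation."""

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def make_jwt(key, claims):
    signing_input = _b64e(b'{"alg":"HS256"}') + "." + _b64e(json.dumps(claims).encode())
    return signing_input + "." + _b64e(hmac.digest(key, signing_input.encode(), "sha256"))

class Decoder:
    def __init__(self, key, allowed_audiences):
        self._key = key
        self._allowed_audiences = set(allowed_audiences)

    def _verified_claims(self, token):
        # Signature (algorithm pinned to HS256) and expiry run on every path.
        try:
            head, body, sig = token.split(".")
            mac = hmac.digest(self._key, f"{head}.{body}".encode(), "sha256")
            if not hmac.compare_digest(mac, _b64d(sig)):
                raise TokenError("bad signature")
            claims = json.loads(_b64d(body))
            if claims.get("exp", 0) <= time.time():
                raise TokenError("expired")
        except (ValueError, TypeError, AttributeError) as exc:
            raise TokenError("malformed token") from exc
        return claims

    def decode(self, token):
        claims = self._verified_claims(token)
        aud = claims.get("aud")
        auds = aud if isinstance(aud, list) else [aud]
        if not any(isinstance(a, str) and a in self._allowed_audiences for a in auds):
            raise TokenError("audience not allowed")
        return claims

    def decode_foreign_token(self, token):
        # Separately named path: skips only the audience check.
        return self._verified_claims(token)
```

Because both public methods share `_verified_claims`, a caller of the foreign path cannot also skip signature or expiry validation.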
tests/test_decoder.py
Outdated
@@ -57,6 +57,16 @@ def test_decode_bad_audience(self): | |||
with self.assertRaises(tokens.TokenError): | |||
decoder.decode(make_jwt(audience='different_audience')) | |||
|
|||
def test_decode_foreign_token(self): |
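Review bot: `test_decode_foreign_token` sits directly after `test_decode_bad_audience`, and the foreign path needs a negative case as well as the positive one. Alongside asserting that `make_jwt(audience='different_audience')` decodes through the new path, assert that `decoder.decode(...)` still raises `tokens.TokenError` for that same token and that the new path rejects a token with an invalid signature, so the test pins down that only the audience check is skipped.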
nit: function name?
8b8b8e2 to 1815b6f
Allow for skipping audience verification when decoding id_tokens forwarded from BFFs