lemoncurry/lemonauth/tokens.py

import jwt

from datetime import datetime, timedelta
from django.conf import settings


def encode(payload):
    return jwt.encode(payload, settings.SECRET_KEY, algorithm='HS256')


def decode(token):
    return jwt.decode(token, settings.SECRET_KEY, algorithms=('HS256',))


def gen_auth_code(req):
    code = {
        'uid': req.user.id,
        'cid': req.POST['client_id'],
        'uri': req.POST['redirect_uri'],
        'typ': req.POST.get('response_type', 'id'),
        'iat': datetime.utcnow(),
        'exp': datetime.utcnow() + timedelta(seconds=30),
    }
    if 'scope' in req.POST:
        code['sco'] = ' '.join(req.POST.getlist('scope'))

    return encode(code)


def verify_auth_code(c):
    return decode(c)
Switch from database-persisted auth codes to stateless JSON Web Tokens :) 2017-11-02 01:36:16 -04:00			`import jwt`

			`from datetime import datetime, timedelta`
			`from django.conf import settings`


Refactor the actual JWT calls into separate functions since I'll be needing them for tokens as well as auth codes 2017-11-02 23:37:39 -04:00			`def encode(payload):`
			`return jwt.encode(payload, settings.SECRET_KEY, algorithm='HS256')`


			`def decode(token):`
			`return jwt.decode(token, settings.SECRET_KEY, algorithms=('HS256',))`


Add the current user's ID to the auth code, will be handy when making a token since we need to know who the token's for 2017-11-03 00:51:27 -04:00			`def gen_auth_code(req):`
Switch from database-persisted auth codes to stateless JSON Web Tokens :) 2017-11-02 01:36:16 -04:00			`code = {`
Add the current user's ID to the auth code, will be handy when making a token since we need to know who the token's for 2017-11-03 00:51:27 -04:00			`'uid': req.user.id,`
Simplify the auth code format a little: the 'me' value can be computed from the user ID and so is redundant 2017-11-03 01:14:30 -04:00			`'cid': req.POST['client_id'],`
			`'uri': req.POST['redirect_uri'],`
			`'typ': req.POST.get('response_type', 'id'),`
Improve JWT security by specifying the algorithm used, and also use shorter key names to make the code a little shorter 2017-11-02 23:33:27 -04:00			`'iat': datetime.utcnow(),`
			`'exp': datetime.utcnow() + timedelta(seconds=30),`
Switch from database-persisted auth codes to stateless JSON Web Tokens :) 2017-11-02 01:36:16 -04:00			`}`
Simplify the auth code format a little: the 'me' value can be computed from the user ID and so is redundant 2017-11-03 01:14:30 -04:00			`if 'scope' in req.POST:`
			`code['sco'] = ' '.join(req.POST.getlist('scope'))`
Switch from database-persisted auth codes to stateless JSON Web Tokens :) 2017-11-02 01:36:16 -04:00
Simplify the auth code format a little: the 'me' value can be computed from the user ID and so is redundant 2017-11-03 01:14:30 -04:00			`return encode(code)`
Switch from database-persisted auth codes to stateless JSON Web Tokens :) 2017-11-02 01:36:16 -04:00

			`def verify_auth_code(c):`
Refactor the actual JWT calls into separate functions since I'll be needing them for tokens as well as auth codes 2017-11-02 23:37:39 -04:00			`return decode(c)`