Verifying audience and issuer claims #38
…rest-framework-simplejwt into lmv * 'aud-iss-claims-support' of github.com:ShipChain/django-rest-framework-simplejwt: Account for all 12 possible permutations of header/payload ordering Add support for aud and iss claims, addresses jazzband#38
Add support for aud and iss claims, addresses #38
I think this can be closed now 🎉
I think so too, thanks for your PR
Hey @whirish sorry to bother, but were you able to get SimpleJWT to work with Auth0? I've struck out and if so I'd really, really appreciate a pointer or two. Thanks.
@dbinetti I abandoned auth0 before the PR was made and haven't had a chance to test it, sorry. You might have better luck contacting the PR's author.
I have not tested simplejwt with auth0 but we do use django-oidc-provider, and since they are both oidc implementations, I can't imagine why they wouldn't be compatible. What sorts of issues are you running into?
well, the simplest -- I can't get it to work! :-) but more to the point,
I really don't know how to debug it: it simply says "invalid token" and I
don't know how to figure it out. I can check `django-oidc-provider` to see
if that provides any hints.
Not sure that gives me enough context to be of any help, sorry. This issue was originally about this section of the auth0 Django quickstart guide: Since these are just extra validation checks that default to be disabled, my hunch is that your issue may lie elsewhere. "Invalid token" can mean a number of things, and usually there is a little more detail included in the exception.
thank you for replying despite the dearth of information I have provided.
I have been working with Auth0 as well (apparently they are planning on
updating their Quickstart to account for SimpleJWT and not the [since
deprecated] djangorestframework-jwt package) but for now I'm stymied.
I did put a test repo up here with particular emphasis on the settings,
which I suspect is the culprit, but despite several permutations I haven't
found the magic combination. I was hoping someone with more insight than
my cargo-culting would be able to steer me in the right direction. When I
was using `djangorestframework-jwt` there were different exception classes
depending on what precisely failed, allowing me to debug the solution.
I've dug into the code but all I can find is the general `Authentication
Exception` class, and I am only receiving the default detail code of 'Token
is invalid or expired'
https://github.com/dbinetti/tutorial/blob/master/tutorial/settings.py
Anyway, this isn't an 'issue' in the sense that it isn't a bug report, but
I'm kinda stuck and just flailing....
Thanks
On Thu, Dec 5, 2019 at 7:34 PM Adam Hodges ***@***.***> wrote:
Not sure that gives me enough context to be of any help, sorry. This
issue was originally about this section of the auth0 Django quickstart
guide:
which applies to another package. Previously simplejwt did not have an
analogue for the JWT_AUDIENCE and JWT_ISSUER settings; I added them in #62
and they can be found in the readme:
https://github.com/davesque/django-rest-framework-simplejwt#settings
Since these are just extra validation checks that default to be disabled,
my hunch is that your issue may lie elsewhere. "Invalid token" can mean a
number of things, and usually there is a little more detail included in the
exception.
I am following the guide at https://auth0.com/docs/quickstart/backend/django/01-authorization to use auth0 with DRF. This guide uses the `django-rest-framework-jwt` package which allows verification of the `aud` (audience) and `iss` (issuer) fields as per RFC 7519 Section 4.1.3. Is this possible with the current state of this library?
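
An added example, not code from simplejwt or from anyone in this thread: a standard-library implementation of the `aud` and `iss` checks asked about above, which names the check that failed instead of returning one generic "invalid token" error. It assumes HS256 and a required `exp`; `sign_hs256`, `diagnose`, the key and the `.example` URLs are hypothetical names and constructed values.

```python
import base64, hashlib, hmac, json, time

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key, head, body):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 token to use as sample input."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64url(_mac(key, head, body))}"

def diagnose(token, key, audience, issuer, now=None) -> list:
    """Name every failed check; an empty list means the token is accepted."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64url(head)), json.loads(_unb64url(body))
        sig = _unb64url(sig)
    except ValueError:
        return ["malformed"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["malformed"]
    if header.get("alg") != "HS256":  # pin the algorithm instead of trusting the header
        return ["algorithm"]
    if not hmac.compare_digest(sig, _mac(key, head, body)):
        return ["signature"]  # claims are not inspected until the signature verifies
    failures = []
    exp = claims.get("exp")  # assumption: exp is required, as a numeric timestamp
    if not isinstance(exp, (int, float)) or exp <= now:
        failures.append("exp")
    aud = claims.get("aud")  # RFC 7519 4.1.3: one string or an array of strings
    allowed = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if audience not in allowed:
        failures.append("aud")
    if claims.get("iss") != issuer:  # exact string comparison, trailing slash included
        failures.append("iss")
    return failures

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample values, not from the page
    claims = {"iss": "https://issuer.example/", "aud": ["https://api.example/"], "exp": 2000}
    token = sign_hs256(claims, key)
    print(diagnose(token, key, "https://api.example/", "https://issuer.example", now=1000))
```

Run against a failing token with the expected audience and issuer from the settings, the returned list separates a configuration mismatch (`aud`, `iss`) from an expired or badly signed token.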