Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Verifying audience and issuer claims #38

Closed
quorth0n opened this issue Aug 13, 2018 · 8 comments
Closed

Verifying audience and issuer claims #38

quorth0n opened this issue Aug 13, 2018 · 8 comments

Comments

@quorth0n
Copy link

I am following the guide at https://auth0.com/docs/quickstart/backend/django/01-authorization to use auth0 with DRF. This guide uses the django-rest-framework-jwt package which allows verification of the aud (audience) and iss (issuer) fields as per RFC 7519 Section 4.1.3. Is this possible with the current state of this library?

ajhodges added a commit to ShipChain/django-rest-framework-simplejwt that referenced this issue Jan 15, 2019
matthiask added a commit to matthiask/django-rest-framework-simplejwt that referenced this issue Mar 26, 2019
…rest-framework-simplejwt into lmv

* 'aud-iss-claims-support' of github.com:ShipChain/django-rest-framework-simplejwt:
  Account for all 12 possible permutations of header/payload ordering
  Add support for aud and iss claims, addresses jazzband#38
ajhodges added a commit to ShipChain/django-rest-framework-simplejwt that referenced this issue Sep 19, 2019
davesque added a commit that referenced this issue Sep 19, 2019
Add support for aud and iss claims, addresses #38
@ajhodges
Copy link
Contributor

I think this can be closed now 🎉

@quorth0n
Copy link
Author

quorth0n commented Sep 20, 2019

I think so too, thanks for your PR

@dbinetti
Copy link

dbinetti commented Dec 5, 2019

Hey @whirish sorry to bother, but were you able to get SimpleJWT to work with Auth0? I've struck out and if so I'd really, really appreciate a pointer or two. Thanks.

@quorth0n
Copy link
Author

quorth0n commented Dec 6, 2019

@dbinetti I abandoned auth0 before the PR was made and haven't had a chance to test it, sorry. You might have better luck contacting the PR's author.

@ajhodges
Copy link
Contributor

ajhodges commented Dec 6, 2019

I have not tested simplejwt with auth0 but we do use django-oidc-provider, and since they are both oidc implementations, I can't imagine why they wouldn't be compatible. What sorts of issues are you running in to?

@dbinetti
Copy link

dbinetti commented Dec 6, 2019 via email

@ajhodges
Copy link
Contributor

ajhodges commented Dec 6, 2019

Not sure that gives me enough context to be of any help, sorry. This issue was originally about this section of the auth0 Django quickstart guide:
image
which applies to another package. Previously simplejwt did not have an analogue for the JWT_AUDIENCE and JWT_ISSUER settings; I added them in #62 and they can be found in the readme: https://github.com/davesque/django-rest-framework-simplejwt#settings

Since these are just extra validation checks that default to be disabled, my hunch is that your issue may lie elseware. "Invalid token" can mean a number of things, and usually there is a little more detail included in the exception.

@dbinetti
Copy link

dbinetti commented Dec 6, 2019 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants