diff --git a/intuitlib/utils.py b/intuitlib/utils.py
index 68dddac..861b397 100644
--- a/intuitlib/utils.py
+++ b/intuitlib/utils.py
@@ -20,11 +20,10 @@
 from datetime import datetime
 import random
 import string
-from jose import jwk
 import requests
 from requests.sessions import Session
 import six
-from requests_oauthlib import OAuth1
+from oic.utils.keyio import KeyBundle
 from intuitlib.enums import Scopes
@@ -165,9 +164,10 @@ def validate_id_token(id_token, client_id, intuit_issuer, jwk_uri):
 return False
 message = id_token_parts[0] + '.' + id_token_parts[1]
- keys_dict = get_jwk(id_token_header['kid'], jwk_uri)
+ key_dict = get_jwk(id_token_header['kid'], jwk_uri)
- public_key = jwk.construct(keys_dict)
+ key_bundle = KeyBundle([key_dict])
+ public_key = key_bundle.keys()[0]
 is_signature_valid = public_key.verify(message.encode('utf-8'), id_token_signature)
 return is_signature_valid
@@ -186,7 +186,11 @@ def get_jwk(kid, jwk_uri):
 raise AuthClientError(response)
 data = response.json()
 keys = next(key for key in data["keys"] if key['kid'] == kid)
- return keys
+
+ if not keys:
+ raise AuthClientError(f"KID {kid} not found in JWKs")
+
+ return keys[0]
 def _correct_padding(val):
 """Correct padding for JWT
diff --git a/requirements.txt b/requirements.txt
index e0f41ba..5d5eabb 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,3 @@
-python_jose>=2.0.2
 requests>=2.13.0
 mock>=2.0.0
 requests_oauthlib>=1.0.0
@@ -8,3 +7,4 @@ pytest>=3.8.0
 pytest-cov==2.5.0
 six>=1.10.0
 enum-compat
+oic
\ No newline at end of file
diff --git a/setup.py b/setup.py
index 8d030be..ac19222 100644
--- a/setup.py
+++ b/setup.py
@@ -30,11 +30,11 @@
 packages=find_packages(exclude=('tests*',)),
 namespace_packages=('intuitlib',),
 install_requires=[
- 'python_jose>=2.0.2',
 'requests>=2.13.0',
 'requests_oauthlib>=1.0.0',
 'six>=1.10.0',
 'enum-compat',
+ 'oic',
 ],
 license='Apache 2.0',
 keywords='intuit quickbooks oauth auth openid client'
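Review bot: In `validate_id_token` (intuitlib/utils.py), `public_key = key_bundle.keys()[0]` is handed straight to `public_key.verify(message.encode('utf-8'), id_token_signature)`, a call shape that belonged to the python-jose key object this commit removes. Nothing in the hunk shows that the key objects `KeyBundle` returns expose a `verify(message, signature)` method with the same boolean result, so confirm this against the `oic` release in use and add a test that a token with a tampered signature is rejected. `keys()[0]` also raises `IndexError` if the bundle ends up holding no usable key, whereas the visible code path above returns `False`; a guard such as `if not key_bundle.keys(): return False` keeps the failure mode consistent. The function body starts above the hunk.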
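Review bot: In `get_jwk`, `next(...)` yields the single matching JWK dict rather than a list, so the new `return keys[0]` looks up key `0` in that dict and will raise `KeyError` for every valid `kid`; and when nothing matches, `next()` raises `StopIteration` before `if not keys:` is reached, so the new error is never produced. Give `next` a default and return the dict itself: `key = next((k for k in data["keys"] if k['kid'] == kid), None)`, then `if key is None: raise AuthClientError(...)` and `return key`. The only visible use of `AuthClientError` passes a response object (`raise AuthClientError(response)`), so check that its constructor accepts a plain string before passing the message. The f-string also makes the module Python 3.6+ only while it still imports `six`. The start of `get_jwk` is outside the hunk.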
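Review bot: `oic` is added with no version constraint, here in requirements.txt and again in `install_requires` in setup.py, while most of the neighbouring entries carry a lower bound. The package now supplies the key object used for ID-token signature verification, so an unbounded spec lets an untested older or newer release change that path without any change in this repository. Declare the range that was actually tested in both files, e.g. `oic>=<tested-version>` (placeholder). requirements.txt also still ends without a trailing newline.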