autopush.jwt

class autopush.jwt.VerifyJWT
Minimally verify a Vapid JWT object.
Why hand roll? Most Python JWT libraries either use a Python elliptic curve library directly, or call one that does, or are abandoned, or are unsuitable for a dozen other reasons.
After spending half a day looking for reasonable replacements, I decided to just write the functions we need directly.
THIS IS NOT A FULL JWT REPLACEMENT.

static extract_signature(auth)
Fix the JWT auth token.
The JWA spec defines the signature to be a pair of 32-octet encoded longs. The ecdsa library signs using a raw, 32-octet pair of values (s, r). Cryptography, which uses OpenSSL, uses a DER sequence of (s, r). This function converts the raw ecdsa signature to DER.
Parameters: auth (str) – A JWT authorization token.
Returns: tuple containing the signature material and signature
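
An added example, not autopush's own code: one way to do the raw-to-DER conversion described above using only the standard library, including the cases where an integer has its top bit set or leading zero octets. The function names are hypothetical, and the R-then-S layout of the 64-octet value is taken from RFC 7518, section 3.4.

```python
import base64

def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url JWT segment, rejecting stray characters."""
    padded = segment + "=" * (-len(segment) % 4)
    return base64.b64decode(padded, altchars=b"-_", validate=True)

def der_integer(value: bytes) -> bytes:
    """Encode a big-endian unsigned value as a DER INTEGER."""
    value = value.lstrip(b"\x00") or b"\x00"  # DER wants the minimal encoding
    if value[0] & 0x80:                       # a set top bit would read as negative
        value = b"\x00" + value
    return b"\x02" + bytes([len(value)]) + value

def raw_to_der(raw: bytes) -> bytes:
    """Convert a 64-octet ES256 signature (R || S) into a DER SEQUENCE."""
    if len(raw) != 64:
        raise ValueError("ES256 signature must be exactly 64 octets")
    body = der_integer(raw[:32]) + der_integer(raw[32:])
    # body is at most 70 octets, so the short length form always fits
    return b"\x30" + bytes([len(body)]) + body

def split_token(token: str):
    """Return (signed material, DER signature) for a compact JWT (hypothetical helper)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    material = (parts[0] + "." + parts[1]).encode("ascii")
    return material, raw_to_der(b64url_decode(parts[2]))

if __name__ == "__main__":
    # Constructed sample: R has its top bit set, S starts with a zero octet.
    raw = b"\x80" + b"\x01" * 31 + b"\x00\x7f" + b"\x02" * 30
    sig = base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    material, der = split_token("aGVhZGVy.cGF5bG9hZA." + sig)
    print(material, der.hex())
```

The returned pair is the form an OpenSSL-backed ECDSA verifier takes: the DER signature, checked over the signed material (the first two token segments joined by a dot).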

static extract_assertion(token)
Extract the assertion dictionary from the passed token. This does NOT do validation.
Parameters: token (str) – Partial or full VAPID auth token
Returns: dict of the VAPID claims

static validate_and_extract_assertion(token, key)
Decode a web token into an assertion dictionary.
This attempts to rectify both ecdsa and openssl generated signatures. We use the built-in cryptography library since it wraps libssl and is faster than the Python-only approach.
Parameters:
Returns: dict of the VAPID claims
Raises: InvalidSignature
-
static