Authorization

apicore.Authorization()

Check that the JSON Web Token (JWT) passed through the Authorization header or through the query parameter ‘token’ is valid. The JWT MUST be provided by an OpenID Connect provider and be passed as a Bearer token:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

To validate the signature, the public keys are retrieved by fetching the issuer URL at /.well-known/openid-configuration and are stored in cache for further use.

Returns: The claims contained in the JWT body.
Return type:
Raises:
- apicore.Http401Exception – If there is no Authorization header.
- apicore.Http403Exception – If Authorization header is not valid.
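
Added example, not apicore's own code: the checks a validator of this kind can apply to the token before any key is fetched, mapped to the 401/403 outcomes listed above. The stand-in exception classes, the algorithm set, the issuer allow-list entry `https://idp.example.com`, reading the issuer from the `iss` claim and the raw-token form of the query parameter are assumptions of this example.

```python
import base64
import json

ALLOWED_ALGS = {"RS256", "ES256"}              # assumption: asymmetric algorithms only
TRUSTED_ISSUERS = {"https://idp.example.com"}  # constructed allow-list entry


class Http401(Exception):
    """Stand-in for apicore.Http401Exception."""

class Http403(Exception):
    """Stand-in for apicore.Http403Exception."""


def _segment(part):
    """Decode one base64url JSON segment of a compact JWT into a dict."""
    obj = json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj


def preflight(headers, query):
    """Return (discovery_url, kid) for a token that may go on to signature checks."""
    auth = headers.get("Authorization")
    if auth is not None:
        scheme, _, token = auth.partition(" ")
        if scheme.lower() != "bearer" or not token:
            raise Http403("Authorization header is not a Bearer token")
    elif "token" in query:
        token = query["token"]  # assumption: the raw JWT, without a scheme prefix
    else:
        raise Http401("no token supplied")
    parts = token.split(".")
    if len(parts) != 3:
        raise Http403("not a three-part compact JWT")
    try:
        header, claims = _segment(parts[0]), _segment(parts[1])
    except ValueError:
        raise Http403("undecodable header or payload") from None
    # Pin the algorithm first: provider keys are public, so "none" and HMAC never pass.
    alg = header.get("alg")
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise Http403("algorithm not allowed")
    # Refuse unknown issuers before fetching anything the token points at.
    issuer = claims.get("iss")
    if not isinstance(issuer, str) or issuer not in TRUSTED_ISSUERS:
        raise Http403("issuer not trusted")
    return issuer.rstrip("/") + "/.well-known/openid-configuration", header.get("kid")
```

The sample token shown above declares `HS256` and carries no `iss` claim, so these checks reject it with the 403 stand-in.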