diff --git a/yletunnus/backends.py b/yletunnus/backends.py
index 64159ada..8f25981d 100644
--- a/yletunnus/backends.py
+++ b/yletunnus/backends.py
@@ -31,5 +31,8 @@ def get_user_details(self, response):
 }
 def user_data(self, access_token, *args, **kwargs):
- data = jwt.decode(access_token, secret=self.setting('SECRET'), verify=False)
+ data = jwt.decode(
+ access_token, key=self.setting('SECRET'), algorithms=('HS256', 'HS512'),
+ verify=True, issuer='https://auth.api.yle.fi', audience=self.setting('KEY')
+ )
 return data
diff --git a/yletunnus/tests/test_backend.py b/yletunnus/tests/test_backend.py
index 0d6828c0..dc389aad 100644
--- a/yletunnus/tests/test_backend.py
+++ b/yletunnus/tests/test_backend.py
@@ -12,7 +12,7 @@ class YleTunnusOAuth2Test(OAuth2Test):
- client_key = 'a-key'
+ client_key = 'a-client-id'
 client_secret = 'a-secret-key'
 backend_path = 'yletunnus.backends.YleTunnusOAuth2'
@@ -69,8 +69,8 @@ def prepare_access_token_body(self, client_key=None, tamper_message=False,
 timegm(issue_datetime.utctimetuple())
 )
- key = SYMKey(key=self.client_key, alg='HS512')
- body['access_token'] = JWS(id_token, jwk=key, alg='HS512').sign_compact()
+ key = SYMKey(key=self.client_secret, alg='HS256')
+ body['access_token'] = JWS(id_token, jwk=key, alg='HS256').sign_compact()
 if tamper_message:
 header, msg, sig = body['id_token'].split('.')
 id_token['sub'] = '1235'
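Review bot: A token that fails the new signature, issuer, audience or expiry checks makes `jwt.decode` raise `jwt.InvalidTokenError` (or one of its subclasses), and `user_data` lets it propagate, so a rejected token surfaces as an unhandled error rather than a controlled login failure; wrap the call in `try:` / `except jwt.InvalidTokenError as exc:` and re-raise the backend's own auth-failure exception (`AuthTokenError` if this is a social-core backend) `from exc`. `verify=True` is already PyJWT's default and, as far as I recall, the `verify` keyword was dropped in PyJWT 2.x, so removing it keeps the call working on both release lines. The issuer is a string literal while the key and audience come from settings; a class attribute such as `ISSUER = 'https://auth.api.yle.fi'` referenced from the call would document the pin in one place and let tests override it. A docstring on `user_data` stating that the returned claims have been signature-, issuer- and audience-checked would also help readers, since neither the method name nor the surrounding code says so.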
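Review bot: The fixture now signs only with HS256 while the backend accepts `('HS256', 'HS512')`, so the HS512 acceptance path and the rejection paths (bad signature, wrong issuer, wrong audience, expired token) get no coverage from this hunk; adding at least the rejected-token cases would pin the behaviour the verification change introduces. The signed token is also only accepted if `id_token` carries `iss` and `aud` claims matching the backend's check, and that construction sits outside the hunk, so I cannot confirm it here. `prepare_access_token_body` starts and continues outside the hunk.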