Skip to content

Commit

Permalink
fix: Add PyJWKClientError to raised errors documentation and handle…
Browse files Browse the repository at this point in the history 
… possible uncaught errors. (#733)

* fix: Add PyJWKClientError to raised error documentaion and handle possible uncaught errors

* fix: grammar
  • Loading branch information
@jonathanedey
jonathanedey authored Nov 15, 2023
1 parent 44b7568 commit c77608e
Showing 1 changed file with 10 additions and 4 deletions.
14 changes: 10 additions & 4 deletions firebase_admin/app_check.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@

from typing import Any, Dict
import jwt
from jwt import PyJWKClient, ExpiredSignatureError, InvalidTokenError
from jwt import PyJWKClient, ExpiredSignatureError, InvalidTokenError, DecodeError
from jwt import InvalidAudienceError, InvalidIssuerError, InvalidSignatureError
from firebase_admin import _utils

Expand All @@ -38,6 +38,7 @@ def verify_token(token: str, app=None) -> Dict[str, Any]:
Raises:
ValueError: If the app's ``project_id`` is invalid or unspecified,
or if the token's headers or payload are invalid.
PyJWKClientError: If PyJWKClient fails to fetch a valid signing key.
"""
return _get_app_check_service(app).verify_token(token)

Expand Down Expand Up @@ -71,9 +72,14 @@ def verify_token(self, token: str) -> Dict[str, Any]:
# Obtain the Firebase App Check Public Keys
# Note: It is not recommended to hard code these keys as they rotate,
# but you should cache them for up to 6 hours.
signing_key = self._jwks_client.get_signing_key_from_jwt(token)
self._has_valid_token_headers(jwt.get_unverified_header(token))
verified_claims = self._decode_and_verify(token, signing_key.key)
try:
signing_key = self._jwks_client.get_signing_key_from_jwt(token)
self._has_valid_token_headers(jwt.get_unverified_header(token))
verified_claims = self._decode_and_verify(token, signing_key.key)
except (InvalidTokenError, DecodeError) as exception:
raise ValueError(
f'Verifying App Check token failed. Error: {exception}'
)

verified_claims['app_id'] = verified_claims.get('sub')
return verified_claims
Expand Down

0 comments on commit c77608e

Please sign in to comment.