Authorization¶
-
apicore.Authorization()¶ Check that JSON Web Token (JWT) passed through
Authorizationheader or through query parameter ‘token’ is valid. The JWT MUST be provided by an OpenID Connect provider and be passed as a Bearer token :Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
To validate signature, the publics keys are retrieved by fetching the issuer URL at
/.well-known/openid-configurationand are store in cache for further use.Returns: The claims contained in the JWT body.
Return type: Raises: - apicore.Http401Exception – If they is no Authorization header.
- apicore.Http403Exception – If Authorization header is not valid.