
Commit 03a5a57

committed
Propagate InvalidAudienceError -> invalid_token_callback, and more audience tests
1 parent eb87b72 commit 03a5a57


2 files changed

+29
-1
lines changed


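--- a/flask_jwt_extended/jwt_manager.py
+++ b/flask_jwt_extended/jwt_manager.py
@@ -1,6 +1,6 @@
 import datetime
 
-from jwt import ExpiredSignatureError, InvalidTokenError
+from jwt import ExpiredSignatureError, InvalidTokenError, InvalidAudienceError
 
 from flask_jwt_extended.config import config
 from flask_jwt_extended.exceptions import (
@@ -108,6 +108,10 @@ def handle_jwt_decode_error(e):
 def handle_wrong_token_error(e):
 return self._invalid_token_callback(str(e))
 
+@app.errorhandler(InvalidAudienceError)
+def handle_invalid_audience_error(e):
+return self._invalid_token_callback(str(e))
+
 @app.errorhandler(RevokedTokenError)
 def handle_revoked_token_error(e):
 return self._revoked_token_callback()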
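Review bot: The new `handle_invalid_audience_error` registration in the second hunk carries no comment explaining why a dedicated handler is needed, and that matters here because in PyJWT `InvalidAudienceError` is a subclass of `InvalidTokenError` (already imported on line 3) and Flask resolves `errorhandler`s along the exception's MRO — if an `InvalidTokenError` handler is registered elsewhere in this method, the new one is reached only because it is more specific, and a later reader may drop it as redundant or assume every other PyJWT subclass needs its own entry. Suggest adding above the decorator `# InvalidAudienceError subclasses InvalidTokenError; registered explicitly so an audience mismatch is always reported through the invalid-token callback` once you have confirmed which handler fired before this change. Forwarding `str(e)` to the client matches the neighbouring handlers, and PyJWT's audience messages name only the failed check rather than the configured audience value, so this adds no new disclosure to unauthenticated callers. The enclosing method starts and ends outside the hunk.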

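--- a/tests/test_view_decorators.py
+++ b/tests/test_view_decorators.py
@@ -210,6 +210,30 @@ def test_jwt_missing_claims(app):
 assert response.get_json() == {'msg': 'Missing claim: identity'}
 
 
+def test_jwt_invalid_audience(app):
+url = '/protected'
+jwtM = get_jwt_manager(app)
+test_client = app.test_client()
+
+# No audience claim expected or provided - OK
+access_token = encode_token(app, {'identity': 'me'})
+response = test_client.get(url, headers=make_headers(access_token))
+assert response.status_code == 200
+
+# Audience claim expected and not provided - not OK
+app.config['JWT_DECODE_AUDIENCE'] = 'my_audience'
+access_token = encode_token(app, {'identity': 'me'})
+response = test_client.get(url, headers=make_headers(access_token))
+assert response.status_code == 422
+assert response.get_json() == {'msg': 'Token is missing the "aud" claim'}
+
+# Audience claim still expected and wrong one provided - not OK
+access_token = encode_token(app, {'aud': 'different_audience', 'identity': 'me'})
+response = test_client.get(url, headers=make_headers(access_token))
+assert response.status_code == 422
+assert response.get_json() == {'msg': 'Invalid audience'}
+
+
 def test_expired_token(app):
 url = '/protected'
 jwtM = get_jwt_manager(app)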
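Review bot: `test_jwt_invalid_audience` never asserts the positive case — a token whose `aud` equals the configured `JWT_DECODE_AUDIENCE` is accepted — so a regression that rejects every audience would still pass all three assertions. Add after the last block `access_token = encode_token(app, {'aud': 'my_audience', 'identity': 'me'})`, `response = test_client.get(url, headers=make_headers(access_token))`, `assert response.status_code == 200`. Note also that the second case (audience configured, claim absent) appears to be raised by PyJWT as `MissingRequiredClaimError` rather than `InvalidAudienceError`, so only the wrong-audience case actually exercises the handler this commit adds, and the exact `msg` strings are PyJWT's wording, which a library upgrade can change. `jwtM` is assigned but unused in the new test.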
