
Django doesn't validate or see the JWT token from Azure

I used azure-ad-verify-token 0.2.1 on a Django REST backend to validate a JWT token from Microsoft Azure, where the user is authenticated on the frontend with React.

According to the documentation, this library should do everything on its own.

from azure_ad_verify_token import verify_jwt

azure_ad_app_id = 'my app id'
azure_ad_issuer = 'https://exampletenant.b2clogin.com/0867afa-24e7-40e9-9d27-74bb598zzzzc/v2.0/'
azure_ad_jwks_uri = 'https://exampletenant.b2clogin.com/exampletenant.onmicrosoft.com/B2C_1_app_sign_in/discovery/v2.0/keys'
payload = verify_jwt(
    token='<AZURE_JWT_TO_VERIFY_HERE>',
    valid_audiences=[azure_ad_app_id],
    issuer=azure_ad_issuer,
    jwks_uri=azure_ad_jwks_uri,
    verify=True,
)

print(payload)

I don't understand the line token='<AZURE_JWT_TO_VERIFY_HERE>'; how can I put the token there?

Authorization from Azure on React is successful, and I get an access JWT token that I can extract:

token = request.headers['Authorization']

But I need to validate it and somehow insert it into the string token='<AZURE_JWT_TO_VERIFY_HERE>', but it doesn't recognize the request here.

How can I put a token= from the header?

And in general, is this the right way? Or am I missing something? Any help and hints would be very helpful and would be greatly appreciated. Or advise another library for token validation in Python.

  • azure-ad-verify-token is used to verify the tokens received from Azure AD.

  • You have to get auth tokens from Azure using the MSAL Python library, and azure-ad-verify-token will then verify the token.

  • To retrieve the tokens, you will need the MSAL Python library, and it will also take the client ID and tenant ID as arguments.

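from msal import PublicClientApplication

# client_id, tenant_id and scopes come from your own app registration
test_app = PublicClientApplication(client_id=client_id, authority="https://login.microsoftonline.com/" + tenant_id)

test_tokens = test_app.acquire_token_interactive(scopes=scopes)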

  • Now you can take the token you just received and use it in azure-ad-verify-token.

token=test_tokens['access_token']

Reference:

MSAL Python

Authenticate Python apps by using the Azure SDK for Python
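
For the question of getting the header value into token=, here is an added example (not part of the original question or answer, and not code from the library). It assumes the frontend sends the usual `Authorization: Bearer <token>` header; `extract_bearer_token`, `verify_request` and `AuthHeaderError` are hypothetical names, and the settings are the placeholder values from the question.

```python
# Added example: hand the JWT from the Authorization header to verify_jwt.
# The three settings are the placeholder values shown in the question.
AZURE_AD_APP_ID = "my app id"
AZURE_AD_ISSUER = "https://exampletenant.b2clogin.com/0867afa-24e7-40e9-9d27-74bb598zzzzc/v2.0/"
AZURE_AD_JWKS_URI = "https://exampletenant.b2clogin.com/exampletenant.onmicrosoft.com/B2C_1_app_sign_in/discovery/v2.0/keys"


class AuthHeaderError(ValueError):
    """Authorization header is missing or not of the form 'Bearer <token>'."""


def extract_bearer_token(header_value):
    """Return the raw JWT from an 'Authorization: Bearer <jwt>' header value."""
    if not header_value:
        raise AuthHeaderError("missing Authorization header")
    parts = header_value.split()
    # The scheme prefix must be stripped; verify_jwt expects only the JWT.
    if len(parts) != 2 or parts[0].lower() != "bearer":
        raise AuthHeaderError("expected 'Bearer <token>'")
    token = parts[1]
    # A compact JWT has exactly three dot-separated segments.
    if token.count(".") != 2:
        raise AuthHeaderError("token is not a compact JWT")
    return token


def verify_request(headers, verifier=None):
    """Validate the bearer token found in `headers` and return its claims.

    `headers` is any mapping, such as Django's request.headers.
    `verifier` defaults to azure_ad_verify_token.verify_jwt; it is a
    parameter (an assumption of this example) so the flow can be tested
    without network access to the JWKS endpoint.
    """
    if verifier is None:
        from azure_ad_verify_token import verify_jwt as verifier
    token = extract_bearer_token(headers.get("Authorization"))
    return verifier(
        token=token,
        valid_audiences=[AZURE_AD_APP_ID],
        issuer=AZURE_AD_ISSUER,
        jwks_uri=AZURE_AD_JWKS_URI,
        verify=True,
    )
```

In a Django REST view this is called as `verify_request(request.headers)`; a raised `AuthHeaderError` or a verification failure should be answered with HTTP 401.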
