Utility Functions

This module contains useful utility functions.

jwt_decode_handler(token)

Decodes a JSON Web Token (JWT).

Notes

• Requires “exp” and “iat” claims to be present in the token’s payload.
• Supports multiple issuer decoding via settings.JWT_AUTH[‘JWT_ISSUERS’] (see below)
• Aids debugging by logging DecodeError and InvalidTokenError log entries when decoding fails.

Examples

Use with djangorestframework-jwt, by changing your Django settings:

JWT_AUTH = {
    'JWT_DECODE_HANDLER': 'edx_rest_framework_extensions.utils.jwt_decode_handler',
    'JWT_ISSUER': 'https://the.jwt.issuer',
    'JWT_SECRET_KEY': 'the-jwt-secret-key',  (defaults to settings.SECRET_KEY)
    'JWT_AUDIENCE': 'the-jwt-audience',
}

Enable multi-issuer support by specifying a list of dictionaries as settings.JWT_AUTH[‘JWT_ISSUERS’]:

JWT_ISSUERS = [
        {
            'ISSUER': 'test-issuer-1',
            'SECRET_KEY': 'test-secret-key-1',
            'AUDIENCE': 'test-audience-1',
        },
        {
            'ISSUER': 'test-issuer-2',
            'SECRET_KEY': 'test-secret-key-2',
            'AUDIENCE': 'test-audience-2',
        }
    ]

Parameters:

token (str) – JWT to be decoded.

Returns:

Decoded JWT payload.

Return type:

dict

Raises:

• MissingRequiredClaimError – Either the exp or iat claims is missing from the JWT payload.
• InvalidTokenError – Decoding fails.