Skip to content

Can I access the iss claim? #26

Answered by ArtyomVancyan
marcvs asked this question in Q&A
Can I access the `iss` claim? #26
@marcvs marcvs
Sep 27, 2023 · 1 comment
Answered by ArtyomVancyan Return to top
Discussion options

marcvs
Sep 27, 2023

You must be logged in to vote
Answered by ArtyomVancyan Sep 27, 2023

The request.user contains the user information obtained from the particular API endpoint based on the used IDP and most likely should not contain any JWT claims such as iss. After the successful login, you have the access_token in your request context and accessible by request.auth.provider.access_token. Try to decode it with the algorithm it is signed with. For determining the algorithm, you can paste your token in https://jwt.io/ and also ensure that it contains the iss claim or not.

from jose.jwt import encode as jwt_decode

@router.get("/")
async def root(request: Request):
    print(jwt_decode(request.auth.provider.access_token, "", "<alg>"))
View full answer

Replies: 1 comment

Comment options

ArtyomVancyan
Sep 27, 2023
Maintainer

You must be logged in to vote
0 replies
Answer selected by marcvs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants
@marcvs @ArtyomVancyan