JWT Authorization in Python Backend

Hi, I have Kinde connected in my next.js frontend and am sending a bearer_token to my python backend whenever I hit an API. I'm having some trouble authenticating the token though as I'm getting the following error:
```
server-1 |   File "/app/app/routers/videos.py", line 56, in create_video
server-1 |     jwt_authoriation(credentials.credentials)
server-1 |   File "/app/app/routers/videos.py", line 36, in jwt_authoriation
server-1 |     configuration = Configuration(access_token=token)
server-1 |                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
server-1 | TypeError: Configuration.__init__() got an unexpected keyword argument 'access_token'
```
Here is my code below:
```python
security = HTTPBearer()


class Video(BaseModel):
    video_url: str


def jwt_authoriation(token: str = None):
    configuration = Configuration(access_token=token)
    # Create an instance of the API class
    api_instance = o_auth_api.OAuthApi(ApiClient(configuration))
    try:
        # Get token details
        api_response = api_instance.token_introspection()
        print(api_response)
    except ApiException as e:
        print("Exception when calling OAuthApi->token_introspection: %s\n" % e)


@router.post("/create", status_code=status.HTTP_201_CREATED,)
def create_video(
    video: Video,
    db: AsyncSession = Depends(get_db),
    credentials: HTTPAuthorizationCredentials = Depends(security),
):
    jwt_authoriation(credentials.credentials)
```
For reference, I'm trying to follow this guide https://github.com/kinde-oss/kinde-python-sdk/blob/main/kinde_sdk/docs/apis/tags/OAuthApi.md/#token_introspection. This is sorta a continuation of this thread: https://discord.com/channels/1070212618549219328/1199580425719390248/1205269710946566144. Is this the correct way to do this or is there a better way? Any help is appreciated, thanks.
2 Replies
Martin 10mo ago
This is the code which I'm using on my Python backend:
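```python
import logging

import jwt  # PyJWT

logger = logging.getLogger(__name__)
KINDE_API_BASE_DOMAIN = "<your-subdomain>.kinde.com"  # placeholder: your Kinde domain


def _validate_auth_header_value(auth_header_value: str):
    # Header has the form "Bearer <token>"
    token = auth_header_value.split(" ")[1]
    # Look up the signing key matching the token's "kid" in the JWKS
    jwks_client = jwt.PyJWKClient(f"https://{KINDE_API_BASE_DOMAIN}/.well-known/jwks")
    signing_key = jwks_client.get_signing_key_from_jwt(token)
    # Verify the RS256 signature and the audience claim
    decoded_token = jwt.decode(
        token,
        signing_key.key,
        algorithms=["RS256"],
        audience="<audience-name>",
    )
    # https://kinde.com/docs/build/about-access-tokens/

    user_id = decoded_token["sub"]
    user_email = decoded_token["email"]
    logger.info(f"User ID: {user_id}, email: {user_email}")
```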
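Added example, not part of Martin's reply or of the Kinde SDK: the same PyJWT check extended with issuer and required-claim validation, a reused JWKS client, and a single exception type for every failure so a route can answer 401. `ISSUER`, `AUDIENCE`, `TokenRejected`, `verify_access_token` and the `key_lookup` parameter are assumed names and placeholder values; it also assumes the token's `iss` is the same base URL that serves the JWKS.

```python
import jwt  # PyJWT, installed with the "crypto" extra for RS256

# Assumed placeholder values, not taken from the thread.
ISSUER = "https://example.kinde.com"
AUDIENCE = "https://api.example.com"


class TokenRejected(Exception):
    """Raised for any token that fails verification; map it to HTTP 401."""


_jwks_client = None


def _signing_key_from_jwks(token: str):
    """Default key lookup: key matching the token's kid from the issuer's JWKS."""
    global _jwks_client
    if _jwks_client is None:
        # One shared client instead of a new one per request.
        _jwks_client = jwt.PyJWKClient(f"{ISSUER}/.well-known/jwks")
    return _jwks_client.get_signing_key_from_jwt(token).key


def verify_access_token(auth_header: str, key_lookup=_signing_key_from_jwks) -> dict:
    """Return the verified claims or raise TokenRejected."""
    scheme, _, token = auth_header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise TokenRejected("malformed Authorization header")
    try:
        return jwt.decode(
            token,
            key_lookup(token),
            algorithms=["RS256"],  # pinned here; the header's alg is never trusted
            audience=AUDIENCE,
            issuer=ISSUER,
            # A token missing any of these claims is rejected outright.
            options={"require": ["exp", "iss", "aud", "sub"]},
        )
    except jwt.PyJWTError as exc:
        # Covers bad signature, expiry, wrong aud/iss, disallowed alg, JWKS errors.
        raise TokenRejected(str(exc)) from exc
```

In a FastAPI route, catch `TokenRejected` and raise `HTTPException(status_code=401)`; the `key_lookup` parameter exists so the function can be tested without network access.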
Juicyapple2 (OP) 10mo ago
@Martin This works, thanks!