Mgregchi
Kinde
Created by iamaman on 4/15/2024 in #💻┃support
How to validate an access token in Python?
I finally got it to work... As stated in the doc, you have to grab the well-known keys from https://yourbiz.kinde.com/.well-known/jwks then use them to validate the access token. For Python I used the recommended jwkest. Example code:

```js
async function verifyJwt(token) {
  const jose = require('jose');
  const jwksUrl = 'https://<your_subdomain>.(link unavailable)';
  try {
    // Fetch the JWKS from the endpoint
    const keys = await jose.fetchJwks(jwksUrl);
    // Verify the JWT using the fetched keys
    const verified = await jose.verifyJwt(token, keys);
    return verified;
  } catch (err) {
    return false;
  }
}
```

This function fetches the JWKS from the provided URL, and then uses the fetched keys to verify the JWT. If the verification is successful, it returns the verified payload; otherwise, it returns false. Make sure to replace <your_subdomain> with your actual Kinde subdomain.

Note: The fetchJwks function is used to fetch the JWKS from the endpoint, and the verifyJwt function is used to verify the JWT using the fetched keys. Used Jose because it's listed among the recommended
15 replies
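The check described in the post above (verify the token's signature against the keys from the JWKS, then check its claims), written in Python as an added example; it is not code from the thread or from Kinde. It assumes RS256-signed tokens and uses only the standard library so it runs offline; `verify_access_token`, `demo_sign`, `DEMO_JWKS`, the demo key and the issuer value passed in are constructed for illustration, and a real service would load the JWKS from the `.well-known/jwks` URL instead.

```python
import base64, hashlib, hmac, json, time

SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo DER, RFC 8017 9.2

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa_pkcs1_v15(message, k_len):
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k_len - len(t) - 3) + b"\x00" + t

def verify_access_token(token, jwks, issuer, now=None):
    """Return the claims of an RS256 JWT checked against a JWKS, else raise ValueError."""
    try:
        head64, body64, sig64 = token.split(".")
        header, claims = json.loads(b64url_decode(head64)), json.loads(b64url_decode(body64))
        alg, kid, sig = header["alg"], header["kid"], b64url_decode(sig64)
    except Exception:
        raise ValueError("malformed token")
    if alg != "RS256":  # pin the algorithm; the token must not choose it
        raise ValueError("unexpected alg")
    jwk = next((k for k in jwks["keys"] if k.get("kid") == kid and k.get("kty") == "RSA"), None)
    if jwk is None:
        raise ValueError("no JWKS key for this kid")
    n, e = (int.from_bytes(b64url_decode(jwk[f]), "big") for f in ("n", "e"))
    k_len = (n.bit_length() + 7) // 8
    opened = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k_len, "big")
    expected = emsa_pkcs1_v15(f"{head64}.{body64}".encode(), k_len)
    if len(sig) != k_len or not hmac.compare_digest(opened, expected):
        raise ValueError("bad signature")
    now = time.time() if now is None else now
    if not isinstance(claims, dict) or claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired")
    return claims

# Constructed throwaway key built from two Mersenne primes, for the demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
DEMO_JWKS = {"keys": [{"kty": "RSA", "kid": "demo", "n": b64url(N.to_bytes(141, "big")), "e": "AQAB"}]}

def demo_sign(claims, alg="RS256"):
    head = b64url(json.dumps({"alg": alg, "kid": "demo"}).encode())
    body = b64url(json.dumps(claims).encode())
    em = int.from_bytes(emsa_pkcs1_v15(f"{head}.{body}".encode(), 141), "big")
    return f"{head}.{body}." + b64url(pow(em, D, N).to_bytes(141, "big"))
```

`verify_access_token` returns the claims dict only when the signature, issuer and expiry all check out; a string that is not a three-part JWT is rejected as malformed before any key lookup.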
Kinde
Created by iamaman on 4/15/2024 in #💻┃support
How to validate an access token in Python?
What I don't really understand is why there is a getToken() but not a verifyToken(). I think I will just mail support, and if there is no solution tomorrow, then I will opt out of using Kinde, especially for now. My project would've been deployed by now if I had stuck with Firebase.
15 replies
Kinde
Created by iamaman on 4/15/2024 in #💻┃support
How to validate an access token in Python?
Hello, I have been stuck with this for about a week now. I slept on the documentation, also the Kinde API, but nothing seems to work. Still trying to identify the user via the access token before performing any task on the backend (Python). Currently, I have this:

```python
import requests

TOKEN = "eyJhbGci***"
ORG_NAME = "example"

def introspect_token(token, token_type, *args, **kwargs):
    # POST the token to the introspection endpoint of the Kinde subdomain
    introspection_url = f'https://{ORG_NAME}.kinde.com/oauth2/introspect'
    headers = {
        'Content-Type': 'application/x-www-form-urlencoded',
        'Accept': 'application/json',
        'Authorization': f'Bearer {TOKEN}'
    }
    data = {
        'token': token,
        'token_type': token_type
    }
    response = requests.post(introspection_url, data=data, headers=headers)
    return response.json()

def token_introspect_view(token, token_type="Bearer"):
    introspection_response = introspect_token(token, token_type)
    print(introspection_response)


token_introspect_view(token="kp_kdjejr***")
```

The doc isn't clear about this tho, but anyway, I receive

```
{'error': 'token_inactive', 'error_description': 'Token is inactive because it is malformed, expired or otherwise invalid. An introspection strategy indicated that the token is inactive.'}
```

Even if I refresh and get a new access token. I don't know what's up with it... maybe doing it wrong. I have also tried following another approach I saw in the doc under "Verifying JSON Web Tokens" but it's not working for me. Any update?
15 replies