Feature: Allow options for verification and requirement of azp

Question

Feature: Allow options for verification and requirement of azp

redbmk opened this issue 2 years ago · comments

Could we add an option to verify azp (Authorized party - the party to which the ID Token was issued)? For example:

jwt.decode(
  token,
  key,
  azp="asdf1234",
  options: {"require_azp": True},
)

Braden Kelley · Answer 1 · Wed Jan 18 2023 08:11:15 GMT+0800 (China Standard Time)

Current workaround would simply be something like this:

claims = jwt.decode(...)
if "azp" not in claims:
    raise JWTError("Expected azp to be in claims")
elif calims["azp"] != expected_azp
    raise JWTError("Invalid authorized party")