Add VERIFY_ISSUER and VERIFY_AUDIENCE

lnagel · lnagel · commit 97120237ba31 · 2019-10-09T13:46:09.000+03:00
diff --git a/README.rst b/README.rst
@@ -183,6 +183,8 @@ Full list of settings parameters with their defaults::
         'DECODE_ALGORITHMS': None,
         'VERIFY_SIGNATURE': True,
         'VERIFY_EXPIRATION': True,
+        'VERIFY_ISSUER': True,
+        'VERIFY_AUDIENCE': True,
         'VERIFY_SESSION_TOKEN': True,
         'EXPIRATION_LEEWAY': 0,
         'SESSION_EXPIRATION': None,
diff --git a/rest_framework_sso/settings.py b/rest_framework_sso/settings.py
@@ -20,6 +20,8 @@
     "DECODE_ALGORITHMS": None,
     "VERIFY_SIGNATURE": True,
     "VERIFY_EXPIRATION": True,
+    "VERIFY_ISSUER": True,
+    "VERIFY_AUDIENCE": True,
     "VERIFY_SESSION_TOKEN": True,
     "EXPIRATION_LEEWAY": 0,
     "SESSION_EXPIRATION": None,
diff --git a/rest_framework_sso/utils.py b/rest_framework_sso/utils.py
@@ -108,7 +108,11 @@ def decode_jwt_token(token):
 
     public_key, key_id = get_public_key_and_key_id(issuer=unverified_issuer, key_id=unverified_key_id)
 
-    options = {"verify_exp": api_settings.VERIFY_EXPIRATION, "verify_aud": True, "verify_iss": True}
+    options = {
+        "verify_exp": api_settings.VERIFY_EXPIRATION,
+        "verify_iss": api_settings.VERIFY_ISSUER,
+        "verify_aud": api_settings.VERIFY_AUDIENCE,
+    }
 
     payload = jwt.decode(
         jwt=token,
diff --git a/setup.py b/setup.py
@@ -15,7 +15,7 @@
 
 setup(
     name="djangorestframework-sso",
-    version="0.2.2",
+    version="0.2.3",
     packages=find_packages(exclude=["tests"]),
     include_package_data=True,
     license="MIT License",
