Merge pull request #12 from auth0-samples/Error-handling

Annyv2 · web-flow · commit cc3a0ff8611f · 2017-06-14T11:04:46.000+02:00
Error handling
diff --git a/00-Starter-Seed/server.py b/00-Starter-Seed/server.py
@@ -74,7 +74,16 @@ def decorated(*args, **kwargs):
         token = get_token_auth_header()
         jsonurl = urllib.urlopen("https://"+AUTH0_DOMAIN+"/.well-known/jwks.json")
         jwks = json.loads(jsonurl.read())
-        unverified_header = jwt.get_unverified_header(token)
+        try:
+            unverified_header = jwt.get_unverified_header(token)
+        except jwt.JWTError:
+            return handle_error({"code": "invalid_header",
+                                 "description": "Invalid header. "
+                                                "Use an RS256 signed JWT Access Token"}, 401)
+        if unverified_header["alg"] == "HS256":
+            return handle_error({"code": "invalid_header",
+                                 "description": "Invalid header. "
+                                                "Use an RS256 signed JWT Access Token"}, 401)
         rsa_key = {}
         for key in jwks["keys"]:
             if key["kid"] == unverified_header["kid"]:
