Extract load_key construction to separate method

This approach allows implementors to define custom key selection strategy without need to override the entire parse_id_token method.
lepture · Jun 19, 2024 · 341ce0e · 341ce0e
1 parent 12da188
commit 341ce0e
Showing 1 changed file with 14 additions and 9 deletions.
diff --git a/authlib/integrations/base_client/sync_openid.py b/authlib/integrations/base_client/sync_openid.py
@@ -33,15 +33,8 @@ def parse_id_token(self, token, nonce, claims_options=None, leeway=120):
         """Return an instance of UserInfo from token's ``id_token``."""
         if 'id_token' not in token:
             return None
-
-        def load_key(header, _):
-            jwk_set = JsonWebKey.import_key_set(self.fetch_jwk_set())
-            try:
-                return jwk_set.find_by_kid(header.get('kid'))
-            except ValueError:
-                # re-try with new jwk set
-                jwk_set = JsonWebKey.import_key_set(self.fetch_jwk_set(force=True))
-                return jwk_set.find_by_kid(header.get('kid'))
+
+        load_key = self.create_load_key()
 
         claims_params = dict(
             nonce=nonce,
@@ -75,3 +68,15 @@ def load_key(header, _):
 
         claims.validate(leeway=leeway)
         return UserInfo(claims)
+
+    def create_load_key(self):
+        def load_key(header, _):
+            jwk_set = JsonWebKey.import_key_set(self.fetch_jwk_set())
+            try:
+                return jwk_set.find_by_kid(header.get('kid'))
+            except ValueError:
+                # re-try with new jwk set
+                jwk_set = JsonWebKey.import_key_set(self.fetch_jwk_set(force=True))
+                return jwk_set.find_by_kid(header.get('kid'))
+
+        return load_key