Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.20 System : Linux st2.domain.com 3.10.0-1127.10.1.el7.x86_64 #1 SMP Wed Jun 3 14:28:03 UTC 2020 x86_64 User : apache ( 48) PHP Version : 7.4.20 Disable Function : NONE Directory : /proc/self/root/usr/share/mysqlsh/oci_sdk/oci/auth/ |
# coding: utf-8
# Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
import oci._vendor.jwt as jwt
import time
class SecurityTokenContainer(object):
DEFAULT_EXPIRY_JITTER_SECONDS = 60
def __init__(self, session_key_supplier, security_token):
self.security_token = security_token
self.session_key_supplier = session_key_supplier
self.jwt = jwt.decode(jwt=security_token, verify=False)
def get_jwt(self):
return self.jwt
def valid(self):
return not self._expired_with_jitter(0)
def valid_with_jitter(self, jitter=DEFAULT_EXPIRY_JITTER_SECONDS):
return not self._expired_with_jitter(jitter)
def _expired_with_jitter(self, jitter):
"""
Checks expiry with some jitter to account for clock skews on the client and also, for
non-skewed clients, the scenario where the token was valid when we checked but became
invalid before we sent a request (this should be rare).
Regarding clock skew, in this context we are only worried about the scenario where the
client's time is behind the server time as then tokens look like they will be valid for
longer than they are and calls could fail with 401s.
If the client's time is ahead of the server time that's not great but it would just lead
to tokens being refreshed more often, this would not cause hard failures but could lead
to higher perceived latency on the client
:param int jitter:
The amount of jitter, in seconds, to apply to the expiry time in the token
"""
time_now = int(time.time())
return time_now > (self.jwt['exp'] - jitter) # The exp key which PyJWT returns is in epoch seconds