diff --git a/auth_jwt/README.rst b/auth_jwt/README.rst index 5869e0b861..0ae874edb4 100644 --- a/auth_jwt/README.rst +++ b/auth_jwt/README.rst @@ -48,24 +48,24 @@ Odoo controller routes. To use it, you must: -- Create an ``auth.jwt.validator`` record to configure how the JWT - token will be validated. -- Add an ``auth="jwt_{validator-name}"`` or - ``auth="public_or_jwt_{validator-name}"`` attribute to the routes you - want to protect where ``{validator-name}`` corresponds to the name - attribute of the JWT validator record. +- Create an ``auth.jwt.validator`` record to configure how the JWT token + will be validated. +- Add an ``auth="jwt_{validator-name}"`` or + ``auth="public_or_jwt_{validator-name}"`` attribute to the routes you + want to protect where ``{validator-name}`` corresponds to the name + attribute of the JWT validator record. The ``auth_jwt_demo`` module provides examples. The JWT validator can be configured with the following properties: -- ``name``: the validator name, to match the - ``auth="jwt_{validator-name}"`` route property. -- ``audience``: a comma-separated list of allowed audiences, used to - validate the ``aud`` claim. -- ``issuer``: used to validate the ``iss`` claim. -- Signature type (secret or public key), algorithm, secret and JWK URI - are used to validate the token signature. +- ``name``: the validator name, to match the + ``auth="jwt_{validator-name}"`` route property. +- ``audience``: a comma-separated list of allowed audiences, used to + validate the ``aud`` claim. +- ``issuer``: used to validate the ``iss`` claim. +- Signature type (secret or public key), algorithm, secret and JWK URI + are used to validate the token signature. In addition, the ``exp`` claim is validated to reject expired tokens. @@ -135,7 +135,8 @@ Authors Contributors ------------ -- Stéphane Bidoul +- Stéphane Bidoul +- Mohamed Alkobrosli Maintainers ----------- diff --git a/auth_jwt/readme/CONTRIBUTORS.md b/auth_jwt/readme/CONTRIBUTORS.md index 26dc3dda9d..d6260f557c 100644 --- a/auth_jwt/readme/CONTRIBUTORS.md +++ b/auth_jwt/readme/CONTRIBUTORS.md @@ -1 +1,2 @@ - Stéphane Bidoul \<\> +- Mohamed Alkobrosli \<\> diff --git a/auth_jwt/static/description/index.html b/auth_jwt/static/description/index.html index 2966067ae7..341f0c558d 100644 --- a/auth_jwt/static/description/index.html +++ b/auth_jwt/static/description/index.html @@ -395,8 +395,8 @@

Usage

Odoo controller routes.

To use it, you must:

    -
  • Create an auth.jwt.validator record to configure how the JWT -token will be validated.
    • +
  • Create an auth.jwt.validator record to configure how the JWT token +will be validated.
  • Add an auth="jwt_{validator-name}" or auth="public_or_jwt_{validator-name}" attribute to the routes you want to protect where {validator-name} corresponds to the name @@ -473,6 +473,7 @@

    Authors

    Contributors

    diff --git a/auth_jwt/tests/test_auth_jwt.py b/auth_jwt/tests/test_auth_jwt.py index 2d9296e023..6a87e87cbc 100644 --- a/auth_jwt/tests/test_auth_jwt.py +++ b/auth_jwt/tests/test_auth_jwt.py @@ -201,7 +201,7 @@ def test_auth_method_invalid_token_on_chain(self): self.assertEqual( str(composite_error.exception), "401 Unauthorized: " - + "Multiple errors occurred during JWT chain validation:\n" + "Multiple errors occurred during JWT chain validation:\n" "validator: 401 Unauthorized: " "The server could not verify that you are authorized to " "access the URL requested. You either supplied the wrong "