0

I am building a Flask API that will manipulate data to be used in Thingsboard.

Long story short, the client logs in via Thingsboard and gets a JWT from that.

But the API rejects the JWT, saying that signature verification failed.

The same secret key is being used on both sides.

Thingsboard is on a remote server; the API is currently local during development.

New to JWT manipulation, what am I missing?

JonYork

2 Answers

0

Make sure that JWT_AUTH_USERNAME_KEY matches the username that the library uses to get the user. For example, when you get a Thingsboard JWT the username is in the sub key, and many libraries use username by default.

Maybe this piece of code can help you (implementation with JWT Rest Framework):

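from django.contrib.auth import get_user_model
from django.utils.translation import gettext as _
from rest_framework import exceptions
from rest_framework_jwt.authentication import JSONWebTokenAuthentication


class CustomAuth(JSONWebTokenAuthentication):

    def authenticate_credentials(self, payload):
        """
        Returns an active user that matches the payload's user id and email.
        """
        User = get_user_model()

        # Thingsboard payload: the username is carried in the 'sub' claim
        if payload.get('sub') is not None:
            username = payload.get('sub')
        else:
            # Our payload: the username is carried in the 'username' claim
            username = payload.get('username')
        if not username:
            msg = _('Invalid payload.')
            raise exceptions.AuthenticationFailed(msg)

        # Look the user up by the configured natural key (the username field)
        try:
            user = User.objects.get_by_natural_key(username)
        except User.DoesNotExist:
            msg = _('Invalid signature.')
            raise exceptions.AuthenticationFailed(msg)

        if not user.is_active:
            msg = _('User account is disabled.')
            raise exceptions.AuthenticationFailed(msg)

        return user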

0

Version 3.21.0 of flask-jwt-extended adds a JWT_DECODE_ISSUER option which should solve this for you: https://github.com/vimalloc/flask-jwt-extended/releases/tag/3.21.0

vimalloc
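An added example, not from either answer and not code from Thingsboard or flask-jwt-extended: a standard-library check that names which step rejects an HMAC-signed JWT, separating a real signature failure from the issuer and identity-claim (`sub` versus `username`) mismatches the answers describe. The secret, issuer string, algorithm allow-list and function names are constructed assumptions, and expiry is not checked here.

```python
import base64, hashlib, hmac, json

# Constructed sample values (assumptions), not a real Thingsboard secret or issuer.
SECRET = b"constructed-shared-secret"
EXPECTED_ISSUER = "issuer.example"
HASHES = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_decode(part):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, secret, alg="HS512"):
    """Build a constructed HMAC-signed token for the demonstration."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), HASHES[alg]).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def diagnose(token, secret, allowed_algs=("HS512",), issuer=EXPECTED_ISSUER):
    """Return (status, identity), naming the first check that fails."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(b64url_decode(head)).get("alg")
        # Pin the algorithm on the verifier side; never trust the header alone.
        if alg not in allowed_algs or alg not in HASHES:
            return "alg_not_allowed", None
        expected = hmac.new(secret, f"{head}.{body}".encode(), HASHES[alg]).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return "bad_signature", None
        claims = json.loads(b64url_decode(body))
    except (ValueError, TypeError, AttributeError):
        return "malformed", None
    # Claims are read only after the signature has verified.
    if claims.get("iss") != issuer:
        return "issuer_mismatch", None
    # Accept the identity from 'sub' first, then 'username', as in the first answer.
    identity = claims.get("sub") or claims.get("username")
    return ("ok", identity) if identity else ("no_identity_claim", None)
```
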