symphony.bdk.core.auth.jwt_helper.validate_jwt

symphony.bdk.core.auth.jwt_helper.validate_jwt(jwt_token: str, certificate: str, allowed_audience: str) → dict

Validate a jwt against a X509 certificate in pem format and returns the jwt claims.

Parameters

• jwt_token – the token to be validated

• certificate – the X509 certificate in pem format to be used for jwt validation

• allowed_audience – the expected value in “aud” claim. If it doesn’t match jwt will be rejected

Returns

a dictionary containing the jwt claims

Raises

AuthInitializationError – If the certificate or jwt are invalid.