diff --git a/docs/settings.rst b/docs/settings.rst
index f19a6b50..b05dc2cf 100644
--- a/docs/settings.rst
+++ b/docs/settings.rst
@@ -48,12 +48,6 @@ of ``mozilla-django-oidc``.
 OpenID Connect client secret provided by your OP
-.. py:attribute:: OIDC_RP_CLIENT_SECRET_ENCODED
-
- :default: ``False``
-
- Controls whether your client secret requires base64 decoding for verification
-
 .. py:attribute:: OIDC_VERIFY_JWT
 :default: ``True``
diff --git a/mozilla_django_oidc/auth.py b/mozilla_django_oidc/auth.py
index 384ae186..ed3a3d12 100644
--- a/mozilla_django_oidc/auth.py
+++ b/mozilla_django_oidc/auth.py
@@ -80,11 +80,12 @@ def verify_token(self, token, **kwargs):
 """Validate the token signature."""
 nonce = kwargs.get('nonce')
- secret = self.OIDC_RP_CLIENT_SECRET
- if import_from_settings('OIDC_RP_CLIENT_SECRET_ENCODED', False):
- secret = base64.urlsafe_b64decode(self.OIDC_RP_CLIENT_SECRET)
 # Verify the token
- verified_token = jws.verify(token, secret, algorithms=['HS256'])
+ verified_token = jws.verify(
+ token,
+ self.OIDC_RP_CLIENT_SECRET,
+ algorithms=['HS256']
+ )
 # The 'verified_token' will always be a byte string since it's
 # the result of base64.urlsafe_b64decode().
 # The payload is always the result of base64.urlsafe_b64decode().
diff --git a/tests/test_auth.py b/tests/test_auth.py
index e8c6afd2..70a1c314 100644
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -288,7 +288,6 @@ def test_jwt_decode_params_verify_false(self, request_mock, jws_mock):
 jws_mock.assert_has_calls(calls)
 @override_settings(OIDC_USE_NONCE=True)
- @override_settings(OIDC_RP_CLIENT_SECRET_ENCODED=False)
 @patch('mozilla_django_oidc.auth.jws')
 def test_jwt_failed_nonce(self, jwt_mock):
 """Test Nonce verification."""
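Review bot: In `verify_token` (mozilla_django_oidc/auth.py), a deployment that still has `OIDC_RP_CLIENT_SECRET_ENCODED = True` in its settings is now ignored without any signal, and the undecoded value of `OIDC_RP_CLIENT_SECRET` is passed to `jws.verify` as the HS256 key. That presumably fails closed (signature verification rejects every ID token), but operators get a generic verification error rather than a hint that a setting was removed. No visible hunk rejects or warns about the leftover setting; a check such as `if import_from_settings('OIDC_RP_CLIENT_SECRET_ENCODED', False): raise ImproperlyConfigured('OIDC_RP_CLIENT_SECRET_ENCODED is no longer supported')`, ideally run once at backend initialisation rather than per token, would make the break explicit (it needs `ImproperlyConfigured` from `django.core.exceptions` if the module does not already import it). The `base64` import may also be unused now if this was its only call site. The body of `verify_token` continues past the end of the hunk, so both points should be confirmed against the full file.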