improved docstring for HasAccessToken Permission class

164535be · Tim Babych · aa3c503d · 164535be
Commit 164535be authored Dec 03, 2014 by Tim Babych
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 0 deletions

notesapi/v1/permissions.py
+14 -0

No files found.
--- a/notesapi/v1/permissions.py
+++ b/notesapi/v1/permissions.py
@@ -13,6 +13,20 @@ class TokenWrongIssuer(Exception):
 class HasAccessToken(BasePermission):
    """
    Allow requests having valid ID Token.
+    https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-31
+    Expected Token:
+    Header {
+        "alg": "HS256",
+        "typ": "JWT"
+    }
+    Claims {
+        "sub": "<USER_ID>",
+        "exp": <EXPIRATION TIMESTAMP>,
+        "iat": <ISSUED TIMESTAMP>,
+        "aud": "<CLIENT ID"
+    }
+    Should be signed with CLIENT_SECRET
    """
    def has_permission(self, request, view):
        if getattr(settings, 'DISABLE_TOKEN_CHECK', False):