@@ -126,22 +126,6 @@ def _fetch_key(self, key_id=None):
126126 return self ._shared_secret
127127
128128
129- class AsymmetricSignatureVerifier (SignatureVerifier ):
130- """Verifier for RSA signatures, which rely on public key certificates.
131-
132- Args:
133- jwks_url (str): The url where the JWK set is located.
134- algorithm (str, optional): The expected signing algorithm. Defaults to "RS256".
135- """
136-
137- def __init__ (self , jwks_url , algorithm = "RS256" ):
138- super ().__init__ (algorithm )
139- self ._fetcher = JwksFetcher (jwks_url )
140-
141- def _fetch_key (self , key_id = None ):
142- return self ._fetcher .get_key (key_id )
143-
144-
145129class JwksFetcher :
146130 """Class that fetches and holds a JSON web key set.
147131 This class makes use of an in-memory cache. For it to work properly, define this instance once and re-use it.
@@ -239,6 +223,23 @@ def get_key(self, key_id):
239223 raise TokenValidationError (f'RSA Public Key with ID "{ key_id } )
240224
241225
226+ class AsymmetricSignatureVerifier (SignatureVerifier ):
227+ """Verifier for RSA signatures, which rely on public key certificates.
228+
229+ Args:
230+ jwks_url (str): The url where the JWK set is located.
231+ algorithm (str, optional): The expected signing algorithm. Defaults to "RS256".
232+ cache_ttl (int, optional): The lifetime of the JWK set cache in seconds. Defaults to 600 seconds.
233+ """
234+
235+ def __init__ (self , jwks_url , algorithm = "RS256" , cache_ttl = JwksFetcher .CACHE_TTL ):
236+ super ().__init__ (algorithm )
237+ self ._fetcher = JwksFetcher (jwks_url , cache_ttl )
238+
239+ def _fetch_key (self , key_id = None ):
240+ return self ._fetcher .get_key (key_id )
241+
242+
242243class TokenVerifier :
243244 """Class that verifies ID tokens following the steps defined in the OpenID Connect spec.
244245 An OpenID Connect ID token is not meant to be consumed until it's verified.
0 commit comments