Pass the issuer for optimized server logging.

Authress · Oct 1, 2024 · cf477c3 · cf477c3
1 parent 9b65233
commit cf477c3
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/authress/api/token_verifier.py b/authress/api/token_verifier.py
@@ -56,7 +56,7 @@ def verify_token(self, authressCustomDomain, token, options=None):
     if (clientIdMatcher is not None and clientIdMatcher.group(1) != unverifiedPayload['sub']):
       raise Exception("Unauthorized", "Service ID does not match token sub claim")
 
-    jwk = self.get_public_key(f"{issuer}/.well-known/openid-configuration/jwks?kid={kid}", kid)
+    jwk = self.get_public_key(f"{issuer}/.well-known/openid-configuration/jwks?kid={kid}&iss={urlparse(issuer).netloc}", kid)
 
     try:
       return jwt.decode(authenticationToken, jwt.api_jwk.PyJWK.from_dict(jwk).key, algorithms=['EdDSA'], options = { 'verify_aud': False })