I am trying to validate the access token from the API; everything works well except token validation. The React.js and DRF apps are both running on localhost, so I set the audience to http://localhost/8000.
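def jwt_decode_token(token):
    """Verify an RS256-signed JWT against the issuer's JWKS and return its claims.

    The signing key is selected by the ``kid`` in the token header, then
    ``jwt.decode`` checks the signature, the ``aud`` claim and the ``iss`` claim.

    Args:
        token: The encoded JWT (access token) to validate.

    Returns:
        The decoded claims, as returned by ``jwt.decode``.

    Raises:
        KeyError: The token header has no ``kid``, or the JWKS has no ``keys``.
        Exception: No JWKS entry matches the token's ``kid``.
        requests.RequestException: The JWKS could not be fetched (network
            error, timeout or non-2xx status).
        jwt.exceptions.InvalidAudienceError: The token's ``aud`` claim does not
            contain the expected audience (other PyJWT validation errors
            propagate the same way).
    """
    # The header is parsed before any signature check, so it is untrusted
    # input. It is used only to pick a key out of the issuer's own key set.
    header = jwt.get_unverified_header(token)
    kid = header['kid']

    # NOTE(review): 'domain' looks like a placeholder for the tenant domain;
    # keep it a fixed, trusted value and never derive it from the token.
    # The timeout keeps a slow or unreachable JWKS endpoint from hanging the
    # request, and raise_for_status() stops an error page being parsed as a
    # key set. The key set is fetched on every call; caching it is worth
    # considering.
    response = requests.get(
        'https://{}/.well-known/jwks.json'.format('domain'),
        timeout=10,
    )
    response.raise_for_status()
    jwks = response.json()

    public_key = None
    for jwk in jwks['keys']:
        # Entries without a "kid" cannot match and are skipped.
        if 'kid' in jwk and jwk['kid'] == kid:
            public_key = jwt.algorithms.RSAAlgorithm.from_jwk(json.dumps(jwk))
            break
    if public_key is None:
        raise Exception('Public key not found.')

    issuer = 'https://{}/'.format('domain')
    # algorithms is pinned to RS256 so the token's own "alg" header cannot
    # choose the verification algorithm.
    # The audience must equal a value in the token's "aud" claim exactly;
    # otherwise PyJWT raises InvalidAudienceError.
    # NOTE(review): 'http://localhost/8000' is kept verbatim. Confirm it
    # against the API identifier the issuer puts in "aud", and correct the
    # value here rather than disabling audience verification.
    return jwt.decode(
        token,
        public_key,
        audience='http://localhost/8000',
        issuer=issuer,
        algorithms=['RS256'],
    )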
This raises the following error:
jwt.exceptions.InvalidAudienceError: Invalid audience