Handle facebook limited login #113
Conversation
src/auth.py
Outdated
| @@ -107,6 +114,16 @@ def rq_get(request: Request, key: str) -> str: | |||
| return j.get(key, "") | |||
| return "" | |||
|
|
|||
| def get_facebook_public_key(): | |||
There was a problem hiding this comment.
Missing type annotation on return type
src/auth.py
Outdated
| @@ -107,6 +114,16 @@ def rq_get(request: Request, key: str) -> str: | |||
| return j.get(key, "") | |||
| return "" | |||
|
|
|||
| def get_facebook_public_key(): | |||
| # Get the public key from Facebook's JWKS endpoint | |||
| response = requests.get(FACEBOOK_JWT_ENDPOINT) | |||
There was a problem hiding this comment.
We need some kind of error handling around this, i.e. a try-catch block, and a way to return an error status if the fetch was not successful.
src/auth.py
Outdated
| @@ -107,6 +114,16 @@ def rq_get(request: Request, key: str) -> str: | |||
| return j.get(key, "") | |||
| return "" | |||
|
|
|||
| def get_facebook_public_key(): | |||
There was a problem hiding this comment.
Add an @lrucache or @cache decorator here - we don't need to re-fetch this on every login
src/auth.py
Outdated
| msg = "" | ||
|
|
||
| # Verify if this is a limited login (iOS only) | ||
| is_limited_login = rq.get("isLimitedLogin", False) |
There was a problem hiding this comment.
Consider using rq.get_bool() here
src/auth.py
Outdated
| except jwt.InvalidTokenError: | ||
| return ( | ||
| jsonify( | ||
| {"status": "invalid", "msg": "Invalid Facebook expired",} |
There was a problem hiding this comment.
"Invalid Facebook token"
src/auth.py
Outdated
| public_key_pem = jwt.algorithms.RSAAlgorithm.from_jwk(key_data) | ||
|
|
||
| return public_key_pem | ||
| @lru_cache(maxsize=1) |
There was a problem hiding this comment.
Use @cache here, @lru_cache is not needed. But how often does the Facebook public key change? If it changes e.g. every 24 hours we need a mechanism to refetch it if the last value fetched is > 12 hours old.
There was a problem hiding this comment.
The documentation doesn’t specify a time frame for public key changes, but I believe we should refetch it every week.
src/auth.py
Outdated
|
|
||
| return public_key_pem # Return the key and success status | ||
| except requests.exceptions.RequestException as e: | ||
| print(f"An error occurred while fetching the public key: {e}") |
There was a problem hiding this comment.
Use logging.error() instead of print
src/auth.py
Outdated
| print(f"An error occurred while fetching the public key: {e}") | ||
| return None # Return None and failure status | ||
| except KeyError as e: | ||
| print(f"Key error: {e}") |
There was a problem hiding this comment.
Use logging.error() instead of print
kadyvillicana
force-pushed
the
facebook-limited-login
branch
from
b62bea4
to
46375ea
Compare
No description provided.