Use JWT for payload

bookernath · bookernath · commit bf5eb071a271 · 2021-06-20T18:27:30.000-05:00
diff --git a/.gitignore b/.gitignore
@@ -44,3 +44,4 @@ Thumbs.db
 # Environment #
 ###############
 *.env
+venv/
diff --git a/app.py b/app.py
@@ -188,14 +188,16 @@ def auth_callback():
 @app.route('/bigcommerce/load')
 def load():
     # Decode and verify payload
-    payload = flask.request.args['signed_payload']
-    user_data = BigcommerceApi.oauth_verify_payload(payload, client_secret())
-    if user_data is False:
+    payload = flask.request.args['signed_payload_jwt']
+    try:
+        user_data = BigcommerceApi.oauth_verify_payload_jwt(payload, client_secret(), client_id())
+    except Exception as e:
+        print(e)
         return "Payload verification failed!", 401
 
     bc_user_id = user_data['user']['id']
     email = user_data['user']['email']
-    store_hash = user_data['store_hash']
+    store_hash = user_data['sub'].split('stores/')[1]
 
     # Lookup store
     store = Store.query.filter_by(store_hash=store_hash).first()
diff --git a/requirements.txt b/requirements.txt
@@ -4,7 +4,7 @@ Werkzeug==2.0.1
 itsdangerous==2.0.1
 requests==2.25.1
 python-dotenv==0.17.1
-bigcommerce==0.22.0
+bigcommerce==0.22.2
 gunicorn==20.1.0
 psycopg2==2.8.6
 Flask-SQLAlchemy==2.5.1
