allow to pass in aditional JWT headers too

lepture · Sep 28, 2021 · e8eb90f · e8eb90f
1 parent f711e94
commit e8eb90f
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 10 deletions.
diff --git a/authlib/oauth2/rfc7523/assertion.py b/authlib/oauth2/rfc7523/assertion.py
@@ -5,12 +5,11 @@
 
 def sign_jwt_bearer_assertion(
         key, issuer, audience, subject=None, issued_at=None,
-        expires_at=None, claims=None, header=None, **kwargs):
+        expires_at=None, alg=None, header=None, claims=None, **kwargs):
 
     if header is None:
         header = {}
-    alg = kwargs.pop('alg', None)
-    if alg:
+    if alg is not None:
         header['alg'] = alg
     if 'alg' not in header:
         raise ValueError('Missing "alg" in header')
@@ -38,13 +37,15 @@ def sign_jwt_bearer_assertion(
 
 
 def client_secret_jwt_sign(client_secret, client_id, token_endpoint, alg='HS256',
-                           claims=None, **kwargs):
-    return _sign(client_secret, client_id, token_endpoint, alg, claims, **kwargs)
+                           header=None, claims=None, **kwargs):
+    return _sign(client_secret, client_id, token_endpoint,
+                 alg, header=header, claims=claims, **kwargs)
 
 
 def private_key_jwt_sign(private_key, client_id, token_endpoint, alg='RS256',
-                         claims=None, **kwargs):
-    return _sign(private_key, client_id, token_endpoint, alg, claims, **kwargs)
+                         header=None, claims=None, **kwargs):
+    return _sign(private_key, client_id, token_endpoint,
+                 alg, header=header, claims=claims, **kwargs)
 
 
 def _sign(key, client_id, token_endpoint, alg, claims=None, **kwargs):

diff --git a/authlib/oauth2/rfc7523/auth.py b/authlib/oauth2/rfc7523/auth.py
@@ -27,8 +27,9 @@ class ClientSecretJWT(object):
     name = 'client_secret_jwt'
     alg = 'HS256'
 
-    def __init__(self, token_endpoint=None, claims=None, alg=None):
+    def __init__(self, token_endpoint=None, alg=None, header=None, claims=None):
         self.token_endpoint = token_endpoint
+        self.header = header
         self.claims = claims
         if alg is not None:
             self.alg = alg
@@ -38,8 +39,9 @@ def sign(self, auth, token_endpoint):
             auth.client_secret,
             client_id=auth.client_id,
             token_endpoint=token_endpoint,
-            claims=self.claims,
             alg=self.alg,
+            header=self.header,
+            claims=self.claims,
         )
 
     def __call__(self, auth, method, uri, headers, body):
@@ -83,8 +85,9 @@ def sign(self, auth, token_endpoint):
             auth.client_secret,
             client_id=auth.client_id,
             token_endpoint=token_endpoint,
-            claims=self.claims,
             alg=self.alg,
+            header=self.header,
+            claims=self.claims,
         )