
Validate an access token (Python)

Verify Olympus access tokens in a Python backend

Opaque tokens (default)

import os
import requests

# URL of the token introspection endpoint, read from the environment.
# A missing variable raises KeyError at import time, so a misconfigured
# service fails at startup rather than on the first request.
HYDRA_INTROSPECT = os.environ["HYDRA_INTROSPECT_URL"]
# HTTP Basic credentials sent with every introspection call. They come from
# the environment so they stay out of source control; treat them as secrets
# and do not log them.
HYDRA_ADMIN_AUTH = (os.environ["HYDRA_ADMIN_USER"], os.environ["HYDRA_ADMIN_PASS"])

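def validate_token(token: str) -> dict:
    """Introspect an opaque access token and return the introspection result.

    The token is posted to the introspection endpoint with the admin
    credentials; the response is accepted only when it is a JSON object
    whose ``active`` field is the boolean ``True``.

    Args:
        token: The bearer token exactly as presented by the client.

    Returns:
        The introspection response as a dict.

    Raises:
        ValueError: The token is empty, inactive, or not an access token.
        requests.RequestException: The introspection call failed (network
            error, timeout, or non-2xx status).

    This function only establishes that the token is live. Scope and
    audience checks for a particular endpoint are left to the caller.
    """
    # Do not spend a round trip (or leak an empty credential into the
    # introspection logs) when there is nothing to validate.
    if not token:
        raise ValueError("token missing")

    response = requests.post(
        HYDRA_INTROSPECT,
        data={"token": token},
        auth=HYDRA_ADMIN_AUTH,
        timeout=5,
    )
    response.raise_for_status()
    info = response.json()

    # Require a JSON object with a real boolean: a truthy string such as
    # "false" must not be mistaken for an active token.
    if not isinstance(info, dict) or info.get("active") is not True:
        raise ValueError("token inactive")

    # Introspection can also report refresh tokens as active. When the
    # response says what the token is used for, accept access tokens only,
    # so a refresh token cannot be replayed against the API.
    token_use = info.get("token_use")
    if token_use is not None and token_use != "access_token":
        raise ValueError("not an access token")

    return info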

Wire into FastAPI:

from fastapi import Depends, HTTPException, Header

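async def get_user(authorization: str = Header(...)) -> dict:
    """FastAPI dependency that authenticates the caller from ``Authorization``.

    Args:
        authorization: Raw ``Authorization`` header value. The header is
            required, so FastAPI rejects requests that omit it before this
            function runs.

    Returns:
        The dict returned by ``validate_token`` for the presented token.

    Raises:
        HTTPException: 401 when the header is not a bearer credential or
            ``validate_token`` raises ``ValueError``; 503 when validation
            fails for any other reason (for example the introspection
            endpoint is unreachable). In every case the request is refused.
    """
    # Function-scope import keeps the snippet self-contained.
    from fastapi.concurrency import run_in_threadpool

    # RFC 6750 asks for a Bearer challenge on 401 responses.
    bearer_challenge = {"WWW-Authenticate": "Bearer"}

    # The auth scheme is case-insensitive; compare it that way and reject an
    # empty credential without calling the introspection endpoint.
    scheme, _, credentials = authorization.partition(" ")
    token = credentials.strip()
    if scheme.lower() != "bearer" or not token:
        raise HTTPException(401, "missing token", headers=bearer_challenge)

    try:
        # validate_token does blocking HTTP I/O; run it off the event loop so
        # one slow introspection call cannot stall every other request.
        return await run_in_threadpool(validate_token, token)
    except ValueError as exc:
        # Generic message on purpose: do not tell the client why the token
        # was refused.
        raise HTTPException(401, "invalid token", headers=bearer_challenge) from exc
    except Exception as exc:
        # An outage is not a bad token. Still fail closed, but with a status
        # that does not push clients into discarding valid credentials.
        raise HTTPException(503, "token validation unavailable") from exc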

@app.get("/widgets")
async def list_widgets(user: dict = Depends(get_user)):
    """Return the caller's subject and an empty widget list.

    The route is reachable only when the ``get_user`` dependency succeeds.
    Authentication is all that is enforced here: the handler reads ``sub``
    from the validated token data and performs no scope or role check.
    """
    subject = user["sub"]
    return dict(user=subject, widgets=[])

JWT tokens

import os

import requests
from jose import jwt

# Expected token issuer, read from the environment. It is used both as the
# required ``iss`` value and as the base URL for fetching the JWKS, so it
# should be an https:// URL: keys fetched over plaintext HTTP can be swapped
# in transit.
ISSUER = os.environ["OLYMPUS_ISSUER"]
# Process-wide JWKS cache; None until the first successful call to get_jwks().
jwks_cache = None

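def get_jwks():
    """Return the issuer's JWKS, fetching it once and caching it in-process.

    Returns:
        The parsed JWKS document (a dict with a non-empty ``keys`` list).

    Raises:
        requests.RequestException: The fetch failed, timed out, or returned
            a non-2xx status.
        ValueError: The response is not a JWKS document with keys.

    The cache is never refreshed. After a key rotation at the issuer, new
    tokens fail validation and retired keys stay trusted until the process
    restarts; add an expiry or refresh-on-unknown-``kid`` if that matters.
    """
    global jwks_cache
    if jwks_cache is None:
        # Bound the wait, matching the introspection call; without a timeout
        # a stalled issuer would hang the request indefinitely.
        response = requests.get(f"{ISSUER}/.well-known/jwks.json", timeout=5)
        # Only cache a successful, well-formed answer. Otherwise an error
        # page would be stored as the key set for the life of the process.
        response.raise_for_status()
        jwks = response.json()
        if not isinstance(jwks, dict) or not jwks.get("keys"):
            raise ValueError("JWKS document has no keys")
        jwks_cache = jwks
    return jwks_cache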

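def validate_jwt(token: str) -> dict:
    """Verify a JWT access token and return its claims.

    The signature is checked against the issuer's JWKS, the algorithm is
    pinned to RS256 so the token header cannot select a different one, the
    ``iss`` claim must equal ``ISSUER``, and an ``exp`` claim is required so
    a token without an expiry is rejected.

    Args:
        token: The compact-serialized JWT presented by the client.

    Returns:
        The decoded claims.

    Raises:
        jose.JWTError: The token fails any of the checks above.

    NOTE(review): no expected ``audience`` is passed, so the token is not
    tied to this API. Other JWTs signed with the same issuer keys (for
    example ID tokens) are not told apart from access tokens here. Pass the
    API's audience to ``jwt.decode`` if the deployment defines one.
    """
    return jwt.decode(
        token,
        get_jwks(),
        algorithms=["RS256"],
        issuer=ISSUER,
        # python-jose verifies ``exp`` when present but does not require it
        # by default; make a missing expiry a validation failure.
        options={"require_exp": True},
    )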
