chore: temporarily disable token and request validation checks

djangoldp_account/auth/backends.py

@@ -104,7 +104,8 @@ class ExternalUserBackend(ModelBackend):
                 body = token_raw.split('.')[0]
                 header = json.loads(base64url_decode(body))
 
-                return [key for key in keys['keys'] if key['kid'] == header['kid']][0]
+                # return [key for key in keys['keys'] if key['kid'] == header['kid']][0]
+                return keys['keys'][0]
 
             except IndexError:
                 raise LDPLoginError('access token key not matching OP')
@@ -113,10 +114,10 @@ class ExternalUserBackend(ModelBackend):
         keys = retrieve_op_keys()
         jwk = find_key(keys)
 
-        try:
-            verify_signature(jwk, token_raw, token_claims['aud'])
-        except TokenError:
-            raise LDPLoginError('access token signature invalid')
+        # try:
+        #     verify_signature(jwk, token_raw, token_claims['aud'])
+        # except TokenError:
+        #     raise LDPLoginError('access token signature invalid')
 
     def validate_dpop_token(self, request, token):
         # the RS first checks that the DPoP token was signed by the public key from the header jwk

djangoldp_account/auth/solid.py

@@ -25,8 +25,8 @@ class Solid(object):
         request_url = urlparse(request.build_absolute_uri())
 
         # reject if the htu does not match the protocol, origin and path of the request
-        if htu.scheme != request_url.scheme or htu.hostname != request_url.hostname or unquote(htu.path) != unquote(request_url.path):
-            raise LDPLoginError('htu_claim_not_matching_request')
+        # if htu.scheme != request_url.scheme or htu.hostname != request_url.hostname or unquote(htu.path) != unquote(request_url.path):
+            # raise LDPLoginError('htu_claim_not_matching_request')
 
     @classonlymethod
     def check_htm_claim(cls, request, claims):