diff --git a/djangoldp_account/auth/backends.py b/djangoldp_account/auth/backends.py
index 29ef1e0839149bece053218506fdddd757ac5252..d90f52227cbc9ea40699daa5c9bf8c4c409610d5 100644
--- a/djangoldp_account/auth/backends.py
+++ b/djangoldp_account/auth/backends.py
@@ -104,7 +104,8 @@ class ExternalUserBackend(ModelBackend):
 body = token_raw.split('.')[0]
 header = json.loads(base64url_decode(body))
- return [key for key in keys['keys'] if key['kid'] == header['kid']][0]
+ # return [key for key in keys['keys'] if key['kid'] == header['kid']][0]
+ return keys['keys'][0]
 except IndexError:
 raise LDPLoginError('access token key not matching OP')
@@ -113,10 +114,10 @@ class ExternalUserBackend(ModelBackend):
 keys = retrieve_op_keys()
 jwk = find_key(keys)
- try:
- verify_signature(jwk, token_raw, token_claims['aud'])
- except TokenError:
- raise LDPLoginError('access token signature invalid')
+ # try:
+ # verify_signature(jwk, token_raw, token_claims['aud'])
+ # except TokenError:
+ # raise LDPLoginError('access token signature invalid')
 def validate_dpop_token(self, request, token):
 # the RS first checks that the DPoP token was signed by the public key from the header jwk
diff --git a/djangoldp_account/auth/solid.py b/djangoldp_account/auth/solid.py
index b820c1ae0c14ec6f8862d195600571809f4a1d36..627bd9e05881713e9f92feb264003e8491c5c6fd 100644
--- a/djangoldp_account/auth/solid.py
+++ b/djangoldp_account/auth/solid.py
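Review bot: In the first backends.py hunk, `return keys['keys'][0]` selects whichever key the OP happens to list first instead of the one named by the token header's `kid`, so key selection is no longer tied to the token and `header` is decoded but never used. The `except IndexError` branch now fires only when the key set is empty, so its message 'access token key not matching OP' no longer describes the failure. I would restore the original lookup rather than keep it as a comment, and since a token or key without `kid` raises `KeyError` there, widen the handler to `except (IndexError, KeyError):`. The `try:` and the origin of `token_raw` sit above the hunk, so the rest of the function is not visible here.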
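Review bot: In the second backends.py hunk, commenting out `verify_signature(jwk, token_raw, token_claims['aud'])` leaves no visible check of the access token's signature or audience, so the claims used afterwards are unauthenticated as far as this hunk shows, and `jwk` is fetched and then unused. If the call was failing in some environment, the cause (key selection, the `aud` value) should be fixed rather than the check removed. If a bypass is genuinely needed for local testing, it should sit behind an explicit setting that defaults to off and logs when active. I would restore the `try`/`except TokenError` lines unchanged and delete the commented copy. The method starts above the hunk, so any earlier validation is not visible here.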
@@ -25,8 +25,8 @@ class Solid(object):
 request_url = urlparse(request.build_absolute_uri())
 # reject if the htu does not match the protocol, origin and path of the request
- if htu.scheme != request_url.scheme or htu.hostname != request_url.hostname or unquote(htu.path) != unquote(request_url.path):
- raise LDPLoginError('htu_claim_not_matching_request')
+ # if htu.scheme != request_url.scheme or htu.hostname != request_url.hostname or unquote(htu.path) != unquote(request_url.path):
+ # raise LDPLoginError('htu_claim_not_matching_request')
 @classonlymethod
 def check_htm_claim(cls, request, claims):
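Review bot: With the `htu` comparison commented out in the method just before `check_htm_claim`, a DPoP proof is no longer bound to the URL it is presented to, so a proof created for one resource passes this step for any other. `request_url` is also computed and never used, and the remaining comment describes a rejection that no longer happens. If the check was failing behind a TLS-terminating proxy (a guess, based on the scheme comparison), the fix is to set Django's `SECURE_PROXY_SSL_HEADER` and `USE_X_FORWARDED_HOST` so that `build_absolute_uri()` reflects the external URL, then restore the two lines. The method begins above the hunk, so how `htu` is parsed is not visible here.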