From 58b1bad19684fcfd13d1509360c7a680bc98804e Mon Sep 17 00:00:00 2001
From: Chris Tran
Date: Mon, 23 Dec 2024 14:55:14 -0600
Subject: [PATCH] feat: remove auth origin comparison from jwt validation
---
 passageidentity/auth.py | 4 +---
 passageidentity/helper.py | 18 ------------------
 passageidentity/requests.py | 23 -----------------------
 3 files changed, 1 insertion(+), 44 deletions(-)
 delete mode 100644 passageidentity/helper.py
 delete mode 100644 passageidentity/requests.py
diff --git a/passageidentity/auth.py b/passageidentity/auth.py
index 4f1608b..e1f81ab 100644
--- a/passageidentity/auth.py
+++ b/passageidentity/auth.py
@@ -7,7 +7,6 @@ import jwt as pyjwt
 from passageidentity.errors import PassageError
-from passageidentity.helper import fetch_app
 from passageidentity.models.magic_link_args import MagicLinkWithEmailArgs, MagicLinkWithPhoneArgs, MagicLinkWithUserArgs
 from passageidentity.openapi_client.api.magic_links_api import MagicLinksApi
 from passageidentity.openapi_client.exceptions import ApiException
@@ -32,7 +31,6 @@ def __init__(self, app_id: str, request_headers: dict[str, str]) -> None:
 # must set a user agent to avoid 403 from CF
 headers={"User-Agent": "passageidentity/python"},
 )
- self.app = fetch_app(self.app_id)
 self.magic_links_api = MagicLinksApi()
@@ -48,7 +46,7 @@ def validate_jwt(self, jwt: str) -> str:
 claims = pyjwt.decode(
 jwt,
 public_key,
- audience=[self.app_id] if self.app["hosted"] else self.app["auth_origin"],
+ audience=self.app_id,
 algorithms=["RS256"],
 )
diff --git a/passageidentity/helper.py b/passageidentity/helper.py
deleted file mode 100644
index ff12fa8..0000000
--- a/passageidentity/helper.py
+++ /dev/null
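Review bot: Removing `self.app = fetch_app(self.app_id)` in the `__init__` hunk of `passageidentity/auth.py` also removes the `app` attribute from instances, which changes the class's visible surface. The one reader shown in this patch, the `audience=` expression in `validate_jwt`, is updated, but any other use inside or outside the package is not visible here and would now raise `AttributeError`. I would add a line to the release notes saying that the attribute and the `passageidentity.helper` and `passageidentity.requests` modules are gone. `__init__` starts and continues outside the hunk.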
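Review bot: The `pyjwt.decode` call in the `validate_jwt` hunk of `passageidentity/auth.py` passes only `audience=self.app_id` and `algorithms`, so nothing makes the `exp` claim mandatory. PyJWT validates `exp` only when the claim is present, so a correctly signed token that omits it would pass this call; adding `options={"require": ["exp", "aud"]}` to the call makes both claims mandatory. For apps that were validated against `auth_origin` before, the new check presumably relies on their tokens carrying the app id in `aud`; that is not visible here and is worth stating in the `validate_jwt` docstring. The function body begins and continues outside the hunk.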
@@ -1,18 +0,0 @@
-"""Provides helper functions for interacting with the Passage Identity API."""
-
-from http import HTTPStatus
-
-from passageidentity import requests
-from passageidentity.errors import PassageError
-
-
-def fetch_app(app_id: str) -> dict:
- """Fetch the public key for the given app id from Passage."""
- # unauthenticated request to get the public key
- r = requests.get(f"https://api.passage.id/v1/apps/{app_id}")
-
- if r.status_code != HTTPStatus.OK:
- msg = f"Could not fetch app information for app id {app_id}"
- raise PassageError(msg)
-
- return r.json()["app"]
diff --git a/passageidentity/requests.py b/passageidentity/requests.py
deleted file mode 100644
index c152440..0000000
--- a/passageidentity/requests.py
+++ /dev/null
@@ -1,23 +0,0 @@
-"""Provides functions to make HTTP requests with optional API key authorization."""
-
-from __future__ import annotations
-
-from importlib import metadata
-
-import requests
-
-PACKAGE_VERSION = metadata.version("passage-identity")
-
-
-def get_headers(api_key: str | None = None) -> dict[str, str]:
- """Create a new headers dict with the package version included."""
- headers = {"Passage-Version": f"passage-python {PACKAGE_VERSION}"}
- if api_key:
- headers["Authorization"] = "Bearer " + api_key
-
- return headers
-
-
-def get(url: str, api_key: str | None = None) -> requests.Response:
- """Send a GET request with API key in Authorization header if provided."""
- return requests.get(url, headers=get_headers(api_key)) # noqa: S113