From 517bab855606cbd662d5c262410603b01929c172 Mon Sep 17 00:00:00 2001
From: Muhammad Umar Khan <m.umarkhan999@gmail.com>
Date: Mon, 18 Sep 2023 19:13:44 +0500
Subject: [PATCH] squash! refactoring

---
 edx_rest_framework_extensions/auth/jwt/decoder.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/edx_rest_framework_extensions/auth/jwt/decoder.py b/edx_rest_framework_extensions/auth/jwt/decoder.py
index 12534eda..c9461296 100644
--- a/edx_rest_framework_extensions/auth/jwt/decoder.py
+++ b/edx_rest_framework_extensions/auth/jwt/decoder.py
@@ -194,7 +194,8 @@ def _verify_jwt_signature(token, jwt_issuer, decode_symmetric_token):
     #   DEPR: Symmetric JWTs: https://github.com/openedx/public-engineering/issues/83
 
     # Pass only asymmetric_keys to only include asymmetric keys at first
-    key_set = get_verification_jwk_key_set(asymmetric_keys=settings.JWT_AUTH.get('JWT_PUBLIC_SIGNING_JWK_SET'))
+    asymmetric_keys = settings.JWT_AUTH.get('JWT_PUBLIC_SIGNING_JWK_SET')
+    key_set = get_verification_jwk_key_set(asymmetric_keys=asymmetric_keys)
     # .. custom_attribute_name: jwt_auth_verify_asymmetric_keys_count
     # .. custom_attribute_description: Number of JWT verification keys in use for this
     #   verification. Should be same as number of asymmetric public keys. This is
@@ -218,7 +219,6 @@ def _verify_jwt_signature(token, jwt_issuer, decode_symmetric_token):
     #   the asymmetric keys here is redundant and unnecessary, but this code is temporary and
     #   will be simplified once symmetric keys have been fully retired.
 
-    asymmetric_keys = settings.JWT_AUTH.get('JWT_PUBLIC_SIGNING_JWK_SET')
     secret_key = jwt_issuer['SECRET_KEY'] if decode_symmetric_token else None
     key_set = get_verification_jwk_key_set(asymmetric_keys=asymmetric_keys, secret_key=secret_key)
     # .. custom_attribute_name: jwt_auth_verify_all_keys_count
@@ -363,8 +363,13 @@ def _decode_and_verify_token(token, jwt_issuer):
 
 def get_verification_jwk_key_set(asymmetric_keys=None, secret_key=None):
     """
-    Returns a JWK Keyset containing all active keys that are configured
-    for verifying signatures.
+    Creates a JWK Keyset containing the provided keys.
+
+    Args:
+        asymmetric_keys (list or None): List of asymmetric JWK verification keys,
+            each in JSON format.
+        secret_key (str or None): Secret key for symmetric JWT verification, as an
+            unencoded string.
     """
     key_set = []