authorFrederick Muriuki Muriithi2025-01-10 12:44:57 -0600
committerFrederick Muriuki Muriithi2025-01-10 13:03:01 -0600
commitf93680c074729dc249b76212298395d14bf431e1 (patch)
tree84914539ba10dd53b193140e661791732af67815 /gn_auth/auth/authentication/oauth2
parent788953b146fd70a82da4d2bc6019387630b4db0e (diff)
Allow for non-expiring JWT tokens.
Diffstat (limited to 'gn_auth/auth/authentication/oauth2')
-rw-r--r--gn_auth/auth/authentication/oauth2/models/jwt_bearer_token.py20
-rw-r--r--gn_auth/auth/authentication/oauth2/resource_server.py5
2 files changed, 25 insertions, 0 deletions
diff --git a/gn_auth/auth/authentication/oauth2/models/jwt_bearer_token.py b/gn_auth/auth/authentication/oauth2/models/jwt_bearer_token.py
index cca75f4..71769e1 100644
--- a/gn_auth/auth/authentication/oauth2/models/jwt_bearer_token.py
+++ b/gn_auth/auth/authentication/oauth2/models/jwt_bearer_token.py
@@ -1,5 +1,7 @@
 """Implement model for JWTBearerToken"""
 import uuid
+import time
+from typing import Optional
 
 from authlib.oauth2.rfc7523 import JWTBearerToken as _JWTBearerToken
 
@@ -28,3 +30,21 @@ class JWTBearerToken(_JWTBearerToken):
     def check_client(self, client):
         """Check that the client is right."""
         return self.client.get_client_id() == client.get_client_id()
+
+
+    def get_expires_in(self) -> Optional[int]:
+        """Return the number of seconds the token is valid for since issue.
+
+        If `None`, the token never expires."""
+        if "exp" in self:
+            return self['exp'] - self['iat']
+        return None
+
+
+    def is_expired(self):
+        """Check whether the token is expired.
+
+        If there is no 'exp' member, assume this token will never expire."""
+        if "exp" in self:
+            return self["exp"] < time.time()
+        return False
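Review bot: `get_expires_in` guards on `exp` but then indexes `self['iat']` unconditionally, so a token that carries `exp` without `iat` raises `KeyError` instead of returning a lifetime; nothing visible in this commit makes `iat` an essential claim. Guard both claims, e.g. `if "exp" in self and "iat" in self:`, or require `iat` in the validator's claims options. `is_expired` is also missing the return annotation its sibling has (`-> bool`). Its docstring should say that a token without `exp` is never reported expired by this method, so it presumably has to be invalidated some other way, such as revocation or rotating the signing key. The class body starts outside the hunk.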
diff --git a/gn_auth/auth/authentication/oauth2/resource_server.py b/gn_auth/auth/authentication/oauth2/resource_server.py
index 9c885e2..8ecf923 100644
--- a/gn_auth/auth/authentication/oauth2/resource_server.py
+++ b/gn_auth/auth/authentication/oauth2/resource_server.py
@@ -43,6 +43,11 @@ class JWTBearerTokenValidator(_JWTBearerTokenValidator):
         self._last_jwks_update = datetime.now(tz=timezone.utc)
         self._refresh_frequency = timedelta(hours=int(
             extra_attributes.get("jwt_refresh_frequency_hours", 6)))
+        self.claims_options = {
+            'exp': {'essential': False},
+            'client_id': {'essential': True},
+            'grant_type': {'essential': True},
+        }
 
     def __refresh_jwks__(self):
         now = datetime.now(tz=timezone.utc)
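Review bot: Assigning a fresh dict to `self.claims_options` replaces whatever the parent constructor stored there. If the base validator adds an `iss` constraint when an issuer is configured (authlib's appears to), that check is dropped together with the `exp` requirement. Changing only the one key keeps the rest: `self.claims_options = {**self.claims_options, 'exp': {'essential': False}}`. The relaxation also applies to every token this validator handles, not just to clients intended to hold long-lived tokens, so any validly signed token without `exp` is accepted indefinitely. A comment naming which clients may receive such tokens, and where revocation is checked, would make that intent reviewable. The constructor begins outside the hunk, so the ordering relative to `super().__init__` should be confirmed.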