about summary refs log tree commit diff
path: root/gn_auth/auth/authentication
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2025-01-10 13:07:29 -0600
committerFrederick Muriuki Muriithi2025-01-10 13:07:29 -0600
commit61771c5467cb05cef05b17f3f50ab2bef604e5f4 (patch)
tree2b9d36012d3cb6d218b84ac4b4a26557562d8550 /gn_auth/auth/authentication
parentf93680c074729dc249b76212298395d14bf431e1 (diff)
downloadgn-auth-61771c5467cb05cef05b17f3f50ab2bef604e5f4.tar.gz
Rework `get_token_data()` to only set 'exp' if its provided.
Diffstat (limited to 'gn_auth/auth/authentication')
-rw-r--r--gn_auth/auth/authentication/oauth2/grants/jwt_bearer_grant.py17
1 files changed, 15 insertions, 2 deletions
diff --git a/gn_auth/auth/authentication/oauth2/grants/jwt_bearer_grant.py b/gn_auth/auth/authentication/oauth2/grants/jwt_bearer_grant.py
index 27783ac..d8cd5af 100644
--- a/gn_auth/auth/authentication/oauth2/grants/jwt_bearer_grant.py
+++ b/gn_auth/auth/authentication/oauth2/grants/jwt_bearer_grant.py
@@ -1,5 +1,6 @@
 """JWT as Authorisation Grant"""
 import uuid
+import time
 
 from flask import current_app as app
 
@@ -24,8 +25,20 @@ class JWTBearerTokenGenerator(_JWTBearerTokenGenerator):
             self, grant_type, client, expires_in=None, user=None, scope=None
     ):
         """Post process data to prevent JSON serialization problems."""
-        tokendata = super().get_token_data(
-            grant_type, client, expires_in, user, scope)
+        issued_at = int(time.time())
+        tokendata = {
+            "scope": self.get_allowed_scope(client, scope),
+            "grant_type": grant_type,
+            "iat": issued_at,
+            "client_id": client.get_client_id()
+        }
+        if isinstance(expires_in, int) and expires_in > 0:
+            tokendata["exp"] = issued_at + expires_in
+        if self.issuer:
+            tokendata["iss"] = self.issuer
+        if user:
+            tokendata["sub"] = self.get_sub_value(user)
+
         return {
             **{
                 key: str(value) if key.endswith("_id") else value