Diffstat (limited to 'gn_auth/auth/authorisation/users/masquerade/models.py')
-rw-r--r--gn_auth/auth/authorisation/users/masquerade/models.py13
1 files changed, 11 insertions, 2 deletions
diff --git a/gn_auth/auth/authorisation/users/masquerade/models.py b/gn_auth/auth/authorisation/users/masquerade/models.py
index ae2abad..a55e462 100644
--- a/gn_auth/auth/authorisation/users/masquerade/models.py
+++ b/gn_auth/auth/authorisation/users/masquerade/models.py
@@ -1,13 +1,16 @@
 """Functions for handling masquerade."""
-from uuid import uuid4
+import uuid
 from functools import wraps
 from datetime import datetime
+from authlib.jose import jwt
 
 from flask import current_app as app
 
 
 from gn_auth.auth.errors import ForbiddenAccess
 
+from gn_auth.auth.jwks import newest_jwk_with_rotation, jwks_directory
+
 from ...roles.models import user_roles
 from ....db import sqlite3 as db
 from ....authentication.users import User
@@ -55,8 +58,14 @@ def masquerade_as(
         user=masqueradee,
         expires_in=__FIVE_HOURS__,
         include_refresh_token=True)
+
+    _jwt = jwt.decode(
+        original_token.access_token,
+        newest_jwk_with_rotation(
+            jwks_directory(app),
+            int(app.config["JWKS_ROTATION_AGE_DAYS"])))
     new_token = OAuth2Token(
-        token_id=uuid4(),
+        token_id=uuid.UUID(_jwt["jti"]),
         client=original_token.client,
         token_type=token_details["token_type"],
         access_token=token_details["access_token"],
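Review bot: The `jti` that becomes `token_id` is read from `original_token.access_token`, while the record is stored with `access_token=token_details["access_token"]`. The masquerade token therefore appears to reuse the masquerader's own token identifier, and it may not match the `jti` inside the token it is saved with. If the intent is for `token_id` to equal the issued JWT's `jti`, and `token_details["access_token"]` is itself a JWT (not visible here), decode that one: `jwt.decode(token_details["access_token"], ...)`. The decode also verifies against only the key from `newest_jwk_with_rotation(...)`, so a token signed before a rotation would presumably fail here; checking against the full key set would avoid that. A missing or non-UUID `jti` surfaces as a bare `KeyError`/`ValueError` rather than `ForbiddenAccess`. `masquerade_as` starts and ends outside this hunk.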