author | 2024-08-27 22:19:46 +0100 | |
---|---|---|
committer | 2024-08-27 22:24:43 +0100 | |
commit | ae68c59967138dc04faee0cb6df357952c68c80d (patch) | |
tree | 5ea9667addb2815203bcffb5057551712d767af5 | |
parent | Add columns for storing user auth info (diff) |
Include the issued at date stamp in JWTs
-rw-r--r-- | thallium-backend/src/auth.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/thallium-backend/src/auth.py b/thallium-backend/src/auth.py
index 6a92a5c..14e126c 100644
--- a/thallium-backend/src/auth.py
+++ b/thallium-backend/src/auth.py
@@ -77,10 +77,11 @@ def build_jwt(
 """Build & sign a jwt."""
 return jwt.encode(
 payload={
- "sub": identifier,
+ "sub": str(identifier),
 "iss": f"thallium:{user_type}",
 "exp": datetime.now(tz=UTC) + timedelta(minutes=30),
 "nbf": datetime.now(tz=UTC) - timedelta(minutes=1),
+ "iat": datetime.now(tz=UTC),
 },
 key=CONFIG.signing_key.get_secret_value(),
 )
@@ -104,7 +105,7 @@ def verify_jwt(
 key=CONFIG.signing_key.get_secret_value(),
 issuer=issuers,
 algorithms=("HS256",),
- options={"require": ["exp", "iss", "sub", "nbf"]},
+ options={"require": ["exp", "iss", "sub", "nbf", "iat"]},
 )
 except jwt.InvalidIssuerError as e:
 raise HTTPException(403, "Your user type does not have access to this resource") from e |
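Review bot: The payload in `build_jwt` calls `datetime.now(tz=UTC)` three times, so `exp`, `nbf` and the new `iat` are each derived from a slightly different instant. Taking one timestamp before the `jwt.encode` call and building all three claims from it keeps them consistent and makes the token lifetime exact. The call also passes no `algorithm`, so signing relies on the library default while `verify_jwt` pins `("HS256",)`; naming the algorithm on the signing side keeps the two from drifting apart. The function signature lies outside the hunk.

```python
    now = datetime.now(tz=UTC)  # single instant shared by every time claim
    return jwt.encode(
        payload={
            # … unchanged: "sub" and "iss" claims …
            "exp": now + timedelta(minutes=30),
            "nbf": now - timedelta(minutes=1),
            "iat": now,
        },
        key=CONFIG.signing_key.get_secret_value(),
        algorithm="HS256",  # match the algorithm verify_jwt accepts
    )
```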
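Review bot: Adding `"iat"` to `require` in `verify_jwt` only checks that the claim is present; nothing visible in this hunk compares its value with anything, so by itself it does not let the server reject tokens issued before a given moment. Recent PyJWT releases also refuse a token whose `iat` lies in the future, and `build_jwt` backdates `nbf` by a minute but sets `iat` to the exact issue time, so a verifier whose clock runs slightly behind would reject fresh tokens. No `leeway` is visible here, though the decode call starts outside the hunk; if none is set, passing `leeway=timedelta(minutes=1),` would restore the skew tolerance that `nbf` was given. Tokens issued before this change carry no `iat` and will fail the new requirement until they expire, so it is worth confirming that the handlers after `except jwt.InvalidIssuerError`, which are outside the hunk, turn that into a clean re-authentication response.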