Diffstat (limited to 'thallium-backend/src/auth.py')
-rw-r--r--thallium-backend/src/auth.py5
1 files changed, 3 insertions, 2 deletions
diff --git a/thallium-backend/src/auth.py b/thallium-backend/src/auth.py
index 6a92a5c..14e126c 100644
--- a/thallium-backend/src/auth.py
+++ b/thallium-backend/src/auth.py
@@ -77,10 +77,11 @@ def build_jwt(
"""Build & sign a jwt."""
return jwt.encode(
payload={
- "sub": identifier,
+ "sub": str(identifier),
"iss": f"thallium:{user_type}",
"exp": datetime.now(tz=UTC) + timedelta(minutes=30),
"nbf": datetime.now(tz=UTC) - timedelta(minutes=1),
+ "iat": datetime.now(tz=UTC),
},
key=CONFIG.signing_key.get_secret_value(),
)
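Review bot: The added `"iat"` entry is a third separate `datetime.now(tz=UTC)` call, so `exp`, `nbf` and `iat` are each derived from a slightly different instant. Bind the time once before the `return`, `now = datetime.now(tz=UTC)`, and build all three claims from `now`. Separately, `jwt.encode` is called here without an `algorithm` argument while `verify_jwt` pins `algorithms=("HS256",)`; passing `algorithm="HS256"` keeps signing tied to what verification accepts instead of to the library default. The signature of build_jwt lies outside the hunk.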
@@ -104,7 +105,7 @@ def verify_jwt(
key=CONFIG.signing_key.get_secret_value(),
issuer=issuers,
algorithms=("HS256",),
- options={"require": ["exp", "iss", "sub", "nbf"]},
+ options={"require": ["exp", "iss", "sub", "nbf", "iat"]},
)
except jwt.InvalidIssuerError as e:
raise HTTPException(403, "Your user type does not have access to this resource") from e
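Review bot: Requiring `iat` means tokens minted before this change, which carry no `iat`, are rejected for the rest of their 30-minute lifetime, and the only handler visible here is `except jwt.InvalidIssuerError`. Confirm that the except clauses after this hunk turn the missing-claim error into a 401 and not an unhandled 500. Assuming this is PyJWT, recent versions also reject an `iat` that lies in the future, and unlike `nbf` (backdated one minute in build_jwt) the `iat` value has no skew allowance. If issuing and verifying hosts can differ in clock, a small `leeway=` on the decode call would cover it; none is visible in the part of the call shown. The opening of the decode call and the remaining handlers are outside the hunk.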