From 9f66f0982b4ea2400adc9d571a1f8f834ae618b3 Mon Sep 17 00:00:00 2001
From: ff137
Date: Mon, 24 Jul 2023 21:53:37 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=E2=9C=85=20introduce=20leeway=20of?= =?UTF-8?q?=201s=20for=20`jwt.decode`?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This addresses breaking change in `pyjwt` version 2.6 (https://github.com/jpadilla/pyjwt/pull/797), where validation will now raise an `ImmatureSignatureError` if the 'issued at' time is in the future, with default 0 leeway. Integration tests fail with `pyjwt~=2.6`, potentially because of clock synchronization / network latency between `issued_at` time at generation and decoding of the jwt; so, a leeway of 1 second accommodates any potential latency / clock sync issue
Signed-off-by: ff137
---
 aries_cloudagent/multitenant/base.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/aries_cloudagent/multitenant/base.py b/aries_cloudagent/multitenant/base.py
index d28a3a1cf2..6d07b52867 100644
--- a/aries_cloudagent/multitenant/base.py
+++ b/aries_cloudagent/multitenant/base.py
@@ -321,7 +321,7 @@ async def create_auth_token(
 def get_wallet_details_from_token(self, token: str) -> Tuple[str, str]:
 """Get the wallet_id and wallet_key from provided token."""
 jwt_secret = self._profile.context.settings.get("multitenant.jwt_secret")
- token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"], leeway=5)
+ token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"], leeway=1)
 wallet_id = token_body.get("wallet_id")
 wallet_key = token_body.get("wallet_key")
 return wallet_id, wallet_key
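Review bot: The tolerance is a bare literal repeated at both `jwt.decode` call sites, here in `get_wallet_details_from_token` and again in the `get_profile_for_token` hunk (whose function starts and continues outside the hunk), so the two values can drift apart on the next change. PyJWT applies `leeway` to the `exp` and `nbf` checks as well as `iat`, so the same number also sets how long an already expired token is still accepted. A shared module-level constant such as `JWT_LEEWAY_SECONDS = 1`, with the comment `# clock-skew tolerance for iat/nbf/exp; keep small, it also extends accepted token lifetime`, would record that. Separately, `token_body.get("wallet_id")` and `token_body.get("wallet_key")` return `None` for a validly signed token that lacks those claims, which contradicts the `Tuple[str, str]` annotation; passing `options={"require": ["wallet_id", "wallet_key"]}` to `jwt.decode` would reject such a token at decode time instead of handing `None` to the caller.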
@@ -360,7 +360,7 @@ async def get_profile_for_token(
 jwt_secret = self._profile.context.settings.get("multitenant.jwt_secret")
 extra_settings = {}
- token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"], leeway=5)
+ token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"], leeway=1)
 wallet_id = token_body.get("wallet_id")
 wallet_key = token_body.get("wallet_key")