auth: add tokens.py — HS256 JWT sign/verify helpers
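--- /dev/null
+++ b/tokens.py
@@ -0,0 +1,28 @@
+"""JWT helpers for bincio-auth.
+
+Tokens are HS256-signed JWTs. Consumers validate locally using the shared
+secret — no round-trip to the auth service per request.
+"""
+
+from __future__ import annotations
+
+import time
+
+import jwt
+
+
+def create_token(payload: dict, secret: str, expires_in: int) -> str:
+"""Return a signed JWT.
+
+Args:
+payload: Claims to embed (will be shallow-copied; 'exp' is added).
+secret: HS256 signing key.
+expires_in: Validity window in seconds from now.
+"""
+claims = {**payload, "exp": int(time.time()) + expires_in}
+return jwt.encode(claims, secret, algorithm="HS256")
+
+
+def decode_token(token: str, secret: str) -> dict:
+"""Decode and verify a JWT. Raises jwt.PyJWTError on any failure."""
+return jwt.decode(token, secret, algorithms=["HS256"])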
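Review bot: `decode_token` accepts a correctly signed token that carries no `exp` claim, because PyJWT checks expiry only when the claim is present, so any token signed with the shared secret outside `create_token` never expires. Requiring the claim closes that: `return jwt.decode(token, secret, algorithms=["HS256"], options={"require": ["exp"]})`. A missing claim then raises `jwt.MissingRequiredClaimError`, a `PyJWTError` subclass, so the documented contract still holds. Separately, the module docstring should say that with HS256 every consumer holding the shared secret can also mint tokens. No `iss` or `aud` is set or checked either, so a token issued for one consumer verifies at all of them.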