Davide Scaini
29 lines
830 B
Python
29 lines
830 B
Python
"""JWT helpers for bincio-auth.
|
|
|
|
Tokens are HS256-signed JWTs. Consumers validate locally using the shared
|
|
secret — no round-trip to the auth service per request.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import time
|
|
|
|
import jwt
|
|
|
|
|
|
def create_token(payload: dict, secret: str, expires_in: int) -> str:
|
|
"""Return a signed JWT.
|
|
|
|
Args:
|
|
payload: Claims to embed (will be shallow-copied; 'exp' is added).
|
|
secret: HS256 signing key.
|
|
expires_in: Validity window in seconds from now.
|
|
"""
|
|
claims = {**payload, "exp": int(time.time()) + expires_in}
|
|
return jwt.encode(claims, secret, algorithm="HS256")
|
|
|
|
|
|
def decode_token(token: str, secret: str) -> dict:
|
|
"""Decode and verify a JWT. Raises jwt.PyJWTError on any failure."""
|
|
return jwt.decode(token, secret, algorithms=["HS256"])
|