introduce leeway of 5s for jwt.decode

This addresses breaking change in `pyjwt` version 2.6 (jpadilla/pyjwt#797), where validation will now raise an `ImmatureSignatureError` if the 'issued at' time is in the future. Integration tests fail with `pyjwt~=2.6`, potentially because of clock synchronization / network latency / time zone differences in `issued_at` time of the jwt, so a leeway of 5 seconds attempts to accommodate ant potential latency / clock sync issue Signed-off-by: ff137 <ff137@proton.me>
ff137 · Jul 24, 2023 · e3f1eeb · e3f1eeb
1 parent e1fa7e2
commit e3f1eeb
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/aries_cloudagent/multitenant/base.py b/aries_cloudagent/multitenant/base.py
@@ -321,7 +321,7 @@ async def create_auth_token(
     def get_wallet_details_from_token(self, token: str) -> Tuple[str, str]:
         """Get the wallet_id and wallet_key from provided token."""
         jwt_secret = self._profile.context.settings.get("multitenant.jwt_secret")
-        token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"])
+        token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"], leeway=5)
         wallet_id = token_body.get("wallet_id")
         wallet_key = token_body.get("wallet_key")
         return wallet_id, wallet_key
@@ -360,7 +360,7 @@ async def get_profile_for_token(
         jwt_secret = self._profile.context.settings.get("multitenant.jwt_secret")
         extra_settings = {}
 
-        token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"])
+        token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"], leeway=5)
 
         wallet_id = token_body.get("wallet_id")
         wallet_key = token_body.get("wallet_key")