From e3f1eeb7f713943835b03b856e753015e63aaa96 Mon Sep 17 00:00:00 2001
From: ff137
Date: Mon, 24 Jul 2023 21:07:37 +0200
Subject: [PATCH] introduce leeway of 5s for `jwt.decode`

This addresses breaking change in `pyjwt` version 2.6 (https://github.com/jpadilla/pyjwt/pull/797), where validation will now raise an `ImmatureSignatureError` if the 'issued at' time is in the future. Integration tests fail with `pyjwt~=2.6`, potentially because of clock synchronization / network latency / time zone differences in `issued_at` time of the jwt, so a leeway of 5 seconds attempts to accommodate ant potential latency / clock sync issue

Signed-off-by: ff137
---
 aries_cloudagent/multitenant/base.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/aries_cloudagent/multitenant/base.py b/aries_cloudagent/multitenant/base.py
index 03fbb7a515..d28a3a1cf2 100644
--- a/aries_cloudagent/multitenant/base.py
+++ b/aries_cloudagent/multitenant/base.py
@@ -321,7 +321,7 @@ async def create_auth_token(
 def get_wallet_details_from_token(self, token: str) -> Tuple[str, str]:
 """Get the wallet_id and wallet_key from provided token."""
 jwt_secret = self._profile.context.settings.get("multitenant.jwt_secret")
- token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"])
+ token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"], leeway=5)
 wallet_id = token_body.get("wallet_id")
 wallet_key = token_body.get("wallet_key")
 return wallet_id, wallet_key
@@ -360,7 +360,7 @@ async def get_profile_for_token(
 jwt_secret = self._profile.context.settings.get("multitenant.jwt_secret")
 extra_settings = {}
- token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"])
+ token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"], leeway=5)
 wallet_id = token_body.get("wallet_id")
 wallet_key = token_body.get("wallet_key")
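Review bot: The bare literal `leeway=5` is repeated in both `jwt.decode` calls (in `get_wallet_details_from_token` and again in the `get_profile_for_token` hunk) with no comment, so the two values can drift apart and a later reader cannot tell why the tolerance exists. In PyJWT, `leeway` widens every time-based claim check, not only `iat`, so a token carrying `exp` or `nbf` would also be accepted up to 5 seconds outside its window. Whether these tokens carry `exp` is not visible here, since `create_auth_token` lies outside the hunks, so that is worth confirming. I would define one module-level constant, `JWT_DECODE_LEEWAY_SECONDS = 5  # tolerate small clock skew between issuer and verifier (applies to iat/nbf/exp)`, and pass `leeway=JWT_DECODE_LEEWAY_SECONDS` in both calls. The body of `get_profile_for_token` starts and ends outside its hunk.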