Example #1
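    def encode_jwt_token(self,
                         user,
                         override_access_lifespan=None,
                         override_refresh_lifespan=None,
                         **custom_claims):
        """
        Encodes user data into a jwt token that can be used for authorization
        at protected endpoints

        The claims are handed to ``jwt.encode`` together with the instance's
        ``encode_key`` and ``encode_algorithm``.
        NOTE(review): assuming ``jwt`` is PyJWT, the token is signed but not
        encrypted, so every claim is readable by whoever holds the token;
        keep secrets out of ``custom_claims``.

        :param: user:                      The user the token is issued for.
                                           It is passed to ``_check_user``
                                           before any claim is built; its
                                           ``identity`` and ``rolenames`` are
                                           embedded as the ``id`` and ``rls``
                                           claims
        :param: override_access_lifespan:  Overrides the instance's access
                                           lifespan to set a custom duration
                                           after which the new token's
                                           accessibility will expire. A value
                                           that would outlive the refresh
                                           expiration is silently capped at
                                           the refresh expiration, not
                                           rejected
        :param: override_refresh_lifespan: Overrides the instance's refresh
                                           lifespan to set a custom duration
                                           after which the new token's
                                           refreshability will expire.
        :param: custom_claims:             Additional claims that should
                                           be packed in the payload. Note that
                                           any claims supplied here must be
                                           JSON compatible types, and their
                                           names must not appear in
                                           ``RESERVED_CLAIMS``
        :returns: The encoded token as a text string
        """
        # Reject caller-supplied claims that would shadow a reserved one, so
        # a caller cannot replace a claim this method is responsible for.
        ClaimCollisionError.require_condition(
            set(custom_claims.keys()).isdisjoint(RESERVED_CLAIMS),
            "The custom claims collide with required claims",
        )
        self._check_user(user)

        # One UTC instant anchors iat and both expirations.
        moment = pendulum.now('UTC')

        if override_refresh_lifespan is None:
            refresh_lifespan = self.refresh_lifespan
        else:
            refresh_lifespan = override_refresh_lifespan
        refresh_expiration = (moment + refresh_lifespan).int_timestamp

        if override_access_lifespan is None:
            access_lifespan = self.access_lifespan
        else:
            access_lifespan = override_access_lifespan
        # The access window can never extend past the refresh window.
        access_expiration = min(
            (moment + access_lifespan).int_timestamp,
            refresh_expiration,
        )

        # NOTE(review): role names are joined with ','; a role name that
        # itself contains a comma would be indistinguishable from two roles
        # once split again - confirm role names are constrained elsewhere.
        payload_parts = dict(iat=moment.int_timestamp,
                             exp=access_expiration,
                             rf_exp=refresh_expiration,
                             jti=str(uuid.uuid4()),
                             id=user.identity,
                             rls=','.join(user.rolenames),
                             **custom_claims)
        token = jwt.encode(
            payload_parts,
            self.encode_key,
            self.encode_algorithm,
        )
        # PyJWT 1.x returns bytes from encode() while 2.x returns str; an
        # unconditional .decode() raises AttributeError on the latter.
        if isinstance(token, bytes):
            token = token.decode('utf-8')
        return token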
Example #2
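    def encode_jwt_token(self,
                         user,
                         override_access_lifespan=None,
                         override_refresh_lifespan=None,
                         bypass_user_check=False,
                         is_registration_token=False,
                         is_reset_token=False,
                         **custom_claims):
        """
        Encodes user data into a jwt token that can be used for authorization
        at protected endpoints

        The claims are handed to ``jwt.encode`` together with the instance's
        ``encode_key`` and ``encode_algorithm``.
        NOTE(review): assuming ``jwt`` is PyJWT, the token is signed but not
        encrypted, so every claim is readable by whoever holds the token;
        keep secrets out of ``custom_claims``.

        :param: user:                      The user the token is issued for.
                                           Its ``identity`` and ``rolenames``
                                           are embedded as the ``id`` and
                                           ``rls`` claims
        :param: override_access_lifespan:  Overrides the instance's access
                                           lifespan to set a custom duration
                                           after which the new token's
                                           accessibility will expire. A value
                                           that would outlive the refresh
                                           expiration is silently capped at
                                           the refresh expiration, not
                                           rejected
        :param: override_refresh_lifespan: Overrides the instance's refresh
                                           lifespan to set a custom duration
                                           after which the new token's
                                           refreshability will expire.
        :param: bypass_user_check:         Override checking the user for
                                           being real/active.  Used for
                                           registration token generation.
                                           The user's identity and role names
                                           are still embedded in the token
                                           when the check is skipped
        :param: is_registration_token:     Indicates that the token will be
                                           used only for email-based
                                           registration
        :param: is_reset_token:            Adds the reset-token marker claim
                                           to the payload
        :param: custom_claims:             Additional claims that should
                                           be packed in the payload. Note that
                                           any claims supplied here must be
                                           JSON compatible types, and their
                                           names must not appear in
                                           ``RESERVED_CLAIMS``
        :returns: The encoded token as a text string
        """
        # Reject caller-supplied claims that would shadow a reserved one.
        # NOTE(review): custom claims are merged last with update(), so any
        # claim name missing from RESERVED_CLAIMS (check the registration and
        # reset marker claims) could be overwritten by a caller.
        ClaimCollisionError.require_condition(
            set(custom_claims.keys()).isdisjoint(RESERVED_CLAIMS),
            "The custom claims collide with required claims",
        )
        # Skipping this check issues a token for a user that was never
        # validated here; the flags below only mark the token, and whether
        # protected endpoints refuse marked tokens is decided by the
        # verifying code, which is not part of this method.
        if not bypass_user_check:
            self._check_user(user)

        # One UTC instant anchors iat and both expirations.
        moment = pendulum.now('UTC')

        if override_refresh_lifespan is None:
            refresh_lifespan = self.refresh_lifespan
        else:
            refresh_lifespan = override_refresh_lifespan
        refresh_expiration = (moment + refresh_lifespan).int_timestamp

        if override_access_lifespan is None:
            access_lifespan = self.access_lifespan
        else:
            access_lifespan = override_access_lifespan
        # The access window can never extend past the refresh window.
        access_expiration = min(
            (moment + access_lifespan).int_timestamp,
            refresh_expiration,
        )

        # NOTE(review): role names are joined with ','; a role name that
        # itself contains a comma would be indistinguishable from two roles
        # once split again - confirm role names are constrained elsewhere.
        payload_parts = {
            'iat': moment.int_timestamp,
            'exp': access_expiration,
            'jti': str(uuid.uuid4()),
            'id': user.identity,
            'rls': ','.join(user.rolenames),
            REFRESH_EXPIRATION_CLAIM: refresh_expiration,
        }
        if is_registration_token:
            payload_parts[IS_REGISTRATION_TOKEN_CLAIM] = True
        if is_reset_token:
            payload_parts[IS_RESET_TOKEN_CLAIM] = True
        # NOTE(review): this writes claim values, not just names, to the
        # application log at debug level; if callers put personal data in
        # custom claims it lands in the logs - consider logging names only.
        flask.current_app.logger.debug(
            "Attaching custom claims: {}".format(custom_claims), )
        payload_parts.update(custom_claims)

        # The hook receives the claims as keyword arguments and its return
        # value is discarded, so it cannot add or replace top-level claims.
        if self.encode_jwt_token_hook:
            self.encode_jwt_token_hook(**payload_parts)
        token = jwt.encode(
            payload_parts,
            self.encode_key,
            self.encode_algorithm,
        )
        # PyJWT 1.x returns bytes from encode() while 2.x returns str; an
        # unconditional .decode() raises AttributeError on the latter.
        if isinstance(token, bytes):
            token = token.decode('utf-8')
        return token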