jamlib 3.2.0b3__tar.gz → 3.2.0.post0__tar.gz

{jamlib-3.2.0b3/src/jamlib.egg-info → jamlib-3.2.0.post0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: jamlib
-Version: 3.2.0b3
+Version: 3.2.0.post0
 Summary: Simple and universal library for authorization.
 Author-email: Makridenko Adrian <adrianmakridenko@duck.com>, Ksenia Travnikova <kseniatravnikova@duck.com>
 License: Apache-2.0
@@ -30,7 +30,7 @@ Classifier: Framework :: FastAPI
 Requires-Python: >=3.10
 Description-Content-Type: text/markdown
 License-File: LICENSE.md
-Requires-Dist: cryptography>=46.0.5
+Requires-Dist: cryptography>=48.0.0
 Provides-Extra: cli
 Requires-Dist: click>=8.3.1; extra == "cli"
 Provides-Extra: redis
@@ -77,7 +77,7 @@ from jam import Jam
 
 jam = Jam(config="config.toml")
 
-jwt = jam.jwt_create({"user": 1})
+jwt = jam.jwt_encode(payload={"user": 1})
 session_id = jam.session_create(session_key="username", data={"user": 1})
 otp_code = jam.otp_code(secret="3DB7FOAOFBCI3WFDRE7EPF43CA")
 ```
@@ -85,7 +85,7 @@ otp_code = jam.otp_code(secret="3DB7FOAOFBCI3WFDRE7EPF43CA")
 ## Why Jam?
 Jam is a library that provides the most popular AUTH* mechanisms right out of the box.
 
-* [JWT](https://jam.makridenko.ru/usage/jwt/)
+* [JOSE](https://jam.makridenko.ru/usage/jose/)
 * [PASETO](https://jam.makridenko.ru/usage/paseto/)
 * [Server side sessions](https://jam.makridenko.ru/usage/sessions/)
 * [OTP](https://jam.makridenko.ru/usage/otp/)
@@ -109,7 +109,7 @@ Here is a comparison with other libraries:
 
 | Features / Library    | **Jam** | [Authx](https://authx.yezz.me/) | [PyJWT](https://pyjwt.readthedocs.io) | [AuthLib](https://docs.authlib.org) | [OTP Auth](https://otp.authlib.org/) |
 |-----------------------|--------|----------------------------------|---------------------------------------|-------------------------------------|--------------------------------------|
-| JWT                   | ✅     | ✅                               | ✅                                    | ✅                                  | ❌                                   |
+| JOSE                  | ✅     | ❌ only JWT                      | ❌ only JWT                           | ✅                                  | ❌                                   |
 | JWT black/white lists | ✅     | ❌                               | ❌                                    | ❌                                  | ❌                                   |
 | PASETO                | ✅     | ❌                               | ❌                                    | ❌                                  | ❌                                   |
 | Server side sessions  | ✅     | ✅                               | ❌                                    | ❌                                  | ❌                                   |

{jamlib-3.2.0b3 → jamlib-3.2.0.post0}/README.md

@@ -24,7 +24,7 @@ from jam import Jam
 
 jam = Jam(config="config.toml")
 
-jwt = jam.jwt_create({"user": 1})
+jwt = jam.jwt_encode(payload={"user": 1})
 session_id = jam.session_create(session_key="username", data={"user": 1})
 otp_code = jam.otp_code(secret="3DB7FOAOFBCI3WFDRE7EPF43CA")
 ```
@@ -32,7 +32,7 @@ otp_code = jam.otp_code(secret="3DB7FOAOFBCI3WFDRE7EPF43CA")
 ## Why Jam?
 Jam is a library that provides the most popular AUTH* mechanisms right out of the box.
 
-* [JWT](https://jam.makridenko.ru/usage/jwt/)
+* [JOSE](https://jam.makridenko.ru/usage/jose/)
 * [PASETO](https://jam.makridenko.ru/usage/paseto/)
 * [Server side sessions](https://jam.makridenko.ru/usage/sessions/)
 * [OTP](https://jam.makridenko.ru/usage/otp/)
@@ -56,7 +56,7 @@ Here is a comparison with other libraries:
 
 | Features / Library    | **Jam** | [Authx](https://authx.yezz.me/) | [PyJWT](https://pyjwt.readthedocs.io) | [AuthLib](https://docs.authlib.org) | [OTP Auth](https://otp.authlib.org/) |
 |-----------------------|--------|----------------------------------|---------------------------------------|-------------------------------------|--------------------------------------|
-| JWT                   | ✅     | ✅                               | ✅                                    | ✅                                  | ❌                                   |
+| JOSE                  | ✅     | ❌ only JWT                      | ❌ only JWT                           | ✅                                  | ❌                                   |
 | JWT black/white lists | ✅     | ❌                               | ❌                                    | ❌                                  | ❌                                   |
 | PASETO                | ✅     | ❌                               | ❌                                    | ❌                                  | ❌                                   |
 | Server side sessions  | ✅     | ✅                               | ❌                                    | ❌                                  | ❌                                   |

{jamlib-3.2.0b3 → jamlib-3.2.0.post0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "jamlib"
-version = "3.2.0b3"
+version = "3.2.0.post0"
 description = "Simple and universal library for authorization."
 authors = [
     {name = "Makridenko Adrian",email = "adrianmakridenko@duck.com"},
@@ -23,7 +23,7 @@ keywords = [
 ]
 requires-python = ">=3.10"
 dependencies = [
-    "cryptography>=46.0.5",
+    "cryptography>=48.0.0",
 ]
 
 classifiers = [

{jamlib-3.2.0b3 → jamlib-3.2.0.post0}/src/jam/__base__.py

@@ -1,16 +1,21 @@
 # -*- coding: utf-8 -*-
 
+from __future__ import annotations
+
 from abc import ABC, abstractmethod
 import gc
+import os
 from typing import Any, Literal
 
-from jam.encoders import BaseEncoder, JsonEncoder
+from jam.__base_encoder__ import BaseEncoder
+from jam.encoders import JsonEncoder
 from jam.exceptions import JamConfigurationError
 from jam.jose.__base__ import BaseJWE, BaseJWS, BaseJWT
 from jam.logger import BaseLogger, JamLogger
 from jam.oauth2.__base__ import BaseOAuth2Client
 from jam.otp.__base__ import BaseOTP, OTPConfig
 from jam.paseto.__base__ import BasePASETO
+from jam.plugins.__base__ import BasePlugin
 from jam.sessions.__base__ import BaseSessionModule
 from jam.utils.config_maker import __config_maker__, __module_loader__
 
@@ -30,15 +35,17 @@ class BaseJam(ABC):
             "DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"
         ] = "INFO",
         serializer: BaseEncoder | type[BaseEncoder] = JsonEncoder,
+        plugins: list[type[BasePlugin]] = [],
     ) -> None:
         """Initialize instance.
 
         Args:
-                config (Union[str, dict[str, Any]]): Configuration
-                pointer (str): Pointer
-                logger (BaseLogger): Logger
-                log_level (Literal["DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"]): Log level
-                serializer (Union[BaseEncoder, type[BaseBrowser]]): Serializer
+            config (Union[str, dict[str, Any]]): Configuration
+            pointer (str): Pointer
+            logger (BaseLogger): Logger
+            log_level (Literal["DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"]): Log level
+            serializer (Union[BaseEncoder, type[BaseBrowser]]): Serializer
+            plugins (list[type[BasePlugin]]): List of plugins
 
         Returns:
                 None
@@ -54,6 +61,8 @@ class BaseJam(ABC):
 
         self._logger = logger(log_level)
         self._serializer = serializer
+        self._plugins = []
+
         self.jwt: BaseJWT | None = None
         self.jws: BaseJWS | None = None
         self.jwe: BaseJWE | None = None
@@ -74,6 +83,9 @@ class BaseJam(ABC):
             "BaseJam initialization complete. Modules loaded:\n"
             f" jwt={self.jwt is not None}, jose={self.jose is not None}, session={self.session is not None}, oauth2={self.oauth2 is not None}"
         )
+        if os.getenv("JAM_ENABLE_PLUGINS", "0") == "1":
+            self._logger.warning("Experimental plugins are enabled!")
+            self.__setup_plugins(plugins)
         gc.collect()
 
     def __build_main_config(
@@ -236,6 +248,40 @@ class BaseJam(ABC):
             case _:
                 raise JamConfigurationError(message="Unknown OTP type.")
 
+    def __setup_plugins(self, plugins: list[type[BasePlugin]]) -> None:
+        """Setup plugins."""
+        for plugin in plugins:
+            self._logger.debug(f"Setup plugin: {plugin.name}")
+            from jam.utils.version_check import __is_compatible__
+
+            if not __is_compatible__(None, plugin.jam_requires):
+                continue
+
+            _plugin = plugin(self)
+            _plugin.setup()
+            self._plugins.append(_plugin)
+
+    def emit(self, event: str, **kwargs) -> Any:
+        """Emit event.
+
+        Args:
+            event (str): Event name,
+            **kwargs: Event data
+        """
+        for plugin in self._plugins:
+            handler = getattr(plugin, f"on_{event}", None)
+
+            if handler:
+                try:
+                    result = handler(**kwargs)
+                    if isinstance(result, dict):
+                        kwargs.update(result)
+
+                except Exception as e:
+                    self._logger.error(f"Plugin:{plugin.name} | error: {e}")
+
+        return kwargs
+
     @abstractmethod
     def jwt_encode(
         self,
@@ -244,6 +290,7 @@ class BaseJam(ABC):
         aud: str | None = None,
         exp: int | None = None,
         nbf: int | None = None,
+        jti: str | None = None,
         *,
         payload: dict[str, Any] | None = None,
         header: dict[str, Any] | None = None,
@@ -256,6 +303,7 @@ class BaseJam(ABC):
             iss (str | None): The issuer.
             sub (str | None): The subject.
             aud (str | None): The audience.
+            jti (str | None): The JWT ID. If none use the JTI fabric function.
             header (dict[str, Any] | None): The header to include in the JWT.
             payload (dict[str, Any] | None): The payload to include in the JWT.
 

{jamlib-3.2.0b3 → jamlib-3.2.0.post0}/src/jam/__init__.py

@@ -7,10 +7,8 @@ Documentation: https://jam.makridenko.ru
 """
 
 from jam.__base__ import BaseJam
-from jam.__base_encoder__ import BaseEncoder
-from jam.encoders import JsonEncoder
 from jam.instance import Jam
 
 
-__version__ = "3.2.0b3"
-__all__ = ["Jam", "JsonEncoder", "BaseJam", "BaseEncoder"]
+__version__ = "3.2.0"
+__all__ = ["Jam", "BaseJam"]

{jamlib-3.2.0b3 → jamlib-3.2.0.post0}/src/jam/aio/__base__.py

@@ -4,6 +4,7 @@ from abc import abstractmethod
 from typing import Any
 
 from jam.__base__ import BaseJam
+from jam.__deprecated__ import deprecated
 from jam.aio.oauth2.__base__ import BaseAsyncOAuth2Client
 from jam.aio.sessions.__base__ import BaseAsyncSessionModule
 from jam.jose.__base__ import BaseJWE, BaseJWS
@@ -21,11 +22,17 @@ class BaseAsyncJam(BaseJam):
     jwe: BaseJWE | None = None  # type: ignore[override]
 
     @abstractmethod
+    @deprecated(
+        "This method is deprecated; the JWT payload is generated automatically in accordance with the specification."
+    )
     async def jwt_make_payload(  # type: ignore[override]
         self, exp: int | None, data: dict[str, Any]
     ) -> dict[str, Any]:
         """Make JWT-specific payload.
 
+        !!! Deprecated
+                This method is deprecated; the JWT payload is generated automatically in accordance with the specification.
+
         Args:
             exp (int | None): Token expire, if None -> use default
             data (dict[str, Any]): Data to payload
@@ -36,6 +43,7 @@ class BaseAsyncJam(BaseJam):
         raise NotImplementedError
 
     @abstractmethod
+    @deprecated("Use jam.jwt_encode")
     async def jwt_create(  # type: ignore[override]
         self, payload: dict[str, Any]
     ) -> str:
@@ -50,13 +58,14 @@ class BaseAsyncJam(BaseJam):
         raise NotImplementedError
 
     @abstractmethod
-    async def jwt_encode(
+    async def jwt_encode(  # type: ignore[override]
         self,
         iss: str | None = None,
         sub: str | None = None,
         aud: str | None = None,
         exp: int | None = None,
         nbf: int | None = None,
+        jti: str | None = None,
         *,
         payload: dict[str, Any] | None = None,
         header: dict[str, Any] | None = None,
@@ -69,6 +78,7 @@ class BaseAsyncJam(BaseJam):
             iss (str | None): The issuer.
             sub (str | None): The subject.
             aud (str | None): The audience.
+            jti (str | None): The JWT ID. If none use the JTI fabric function.
             header (dict[str, Any] | None): The header to include in the JWT.
             payload (dict[str, Any] | None): The payload to include in the JWT.
 
@@ -345,7 +355,7 @@ class BaseAsyncJam(BaseJam):
         raise NotImplementedError
 
     @abstractmethod
-    async def jws_sign(
+    async def jws_sign(  # type: ignore[override]
         self,
         data: dict[str, Any] | str,
         header: dict[str, Any] | None = None,
@@ -362,7 +372,9 @@ class BaseAsyncJam(BaseJam):
         raise NotImplementedError
 
     @abstractmethod
-    async def jws_verify(self, token: str) -> dict[str, Any]:
+    async def jws_verify(  # type: ignore[override]
+        self, token: str
+    ) -> dict[str, Any]:
         """Verify JWS token.
 
         Args:
@@ -377,7 +389,7 @@ class BaseAsyncJam(BaseJam):
         raise NotImplementedError
 
     @abstractmethod
-    async def jwe_encrypt(
+    async def jwe_encrypt(  # type: ignore[override]
         self,
         data: dict[str, Any] | str,
         header: dict[str, Any] | None = None,
@@ -394,7 +406,9 @@ class BaseAsyncJam(BaseJam):
         raise NotImplementedError
 
     @abstractmethod
-    async def jwe_decrypt(self, token: str) -> bytes:
+    async def jwe_decrypt(  # type: ignore[override]
+        self, token: str
+    ) -> bytes:
         """Decrypt JWE token.
 
         Args:

{jamlib-3.2.0b3 → jamlib-3.2.0.post0}/src/jam/aio/instance.py

@@ -1,10 +1,10 @@
 # -*- coding: utf-8 -*-
 
-import datetime
 import time
 from typing import Any
 import uuid
 
+from jam.__deprecated__ import deprecated
 from jam.aio.__base__ import BaseAsyncJam
 from jam.exceptions import (
     JamConfigurationError,
@@ -30,11 +30,17 @@ class Jam(BaseAsyncJam):
         "otp": "jam.otp.__base__.OTPConfig",
     }
 
+    @deprecated(
+        "This method is deprecated; the JWT payload is generated automatically in accordance with the specification."
+    )
     async def jwt_make_payload(
         self, exp: int | None, data: dict[str, Any]
     ) -> dict[str, Any]:
         """Make JWT-specific payload.
 
+        !!! Deprecated
+                This method is deprecated; the JWT payload is generated automatically in accordance with the specification.
+
         Args:
             exp (int | None): Token expire
             data (dict[str, Any]): Data to payload
@@ -42,17 +48,22 @@ class Jam(BaseAsyncJam):
         Returns:
             dict[str, Any]: Payload
         """
+        now = time.time()
         payload = {
-            "iat": datetime.datetime.now().timestamp(),
-            "exp": (datetime.datetime.now().timestamp() + exp) if exp else None,
+            "iat": now,
+            "exp": (now + exp) if exp else None,
             "jti": str(uuid.uuid4()),
         }
         payload = payload | data
         return payload
 
+    @deprecated("Use jam.jwt_encode")
     async def jwt_create(self, payload: dict[str, Any]) -> str:
         """Create JWT token.
 
+        !!! Deprecated
+                Use Jam.jwt_encode
+
         Args:
             payload (dict[str, Any]): Data payload
 
@@ -81,6 +92,7 @@ class Jam(BaseAsyncJam):
         aud: str | None = None,
         exp: int | None = None,
         nbf: int | None = None,
+        jti: str | None = None,
         *,
         payload: dict[str, Any] | None = None,
         header: dict[str, Any] | None = None,
@@ -93,6 +105,7 @@ class Jam(BaseAsyncJam):
             iss (str | None): The issuer.
             sub (str | None): The subject.
             aud (str | None): The audience.
+            jti (str | None): The JWT ID. If none use the JTI fabric function.
             header (dict[str, Any] | None): The header to include in the JWT.
             payload (dict[str, Any] | None): The payload to include in the JWT.
 
@@ -100,12 +113,15 @@ class Jam(BaseAsyncJam):
             str: The encoded JWT.
         """
         assert self.jwt is not None
+        if not jti:
+            jti = self.jwt.jti
         token = self.jwt.encode(
             iss=iss,
             sub=sub,
             aud=aud,
             exp=exp,
             nbf=nbf,
+            jti=jti,
             payload=payload,
             header=header,
         )
@@ -239,7 +255,10 @@ class Jam(BaseAsyncJam):
         """
         assert self.jwe is not None
         self._logger.debug(f"Encrypting data with JWE, header: {header}")
-        token = self.jwe.encrypt(data, header)
+        token = self.jwe.encrypt(
+            self._serializer.dumps(data) if isinstance(data, dict) else data,
+            header,
+        )
         self._logger.debug(f"JWE token created, length: {len(token)}")
         return token
 
@@ -364,8 +383,8 @@ class Jam(BaseAsyncJam):
     async def otp_uri(
         self,
         secret: str,
-        name: str | None = None,
-        issuer: str | None = None,
+        name: str,
+        issuer: str,
         counter: int | None = None,
     ) -> str:
         """Generates an otpauth:// URI for Google Authenticator.
@@ -383,9 +402,7 @@ class Jam(BaseAsyncJam):
         assert self._otp is not None
         return self._otp(
             secret=secret, digits=self.otp.digits, digest=self.otp.digest
-        ).provisioning_uri(
-            name=name or "", issuer=issuer or "", counter=counter
-        )
+        ).provisioning_uri(name=name, issuer=issuer, counter=counter)
 
     async def otp_verify_code(
         self,

{jamlib-3.2.0b3 → jamlib-3.2.0.post0}/src/jam/aio/sessions/__base__.py

@@ -7,9 +7,11 @@ from uuid import uuid4
 
 from cryptography.fernet import Fernet
 
-from jam.encoders import BaseEncoder, JsonEncoder
+from jam.__base_encoder__ import BaseEncoder
+from jam.encoders import JsonEncoder
 from jam.exceptions import JamSessionEmptyAESKey
 from jam.logger import BaseLogger
+from jam.utils.config_maker import __key_loader__
 
 
 class BaseAsyncSessionModule(ABC):
@@ -32,6 +34,8 @@ class BaseAsyncSessionModule(ABC):
             raise JamSessionEmptyAESKey
         if is_session_crypt:
             assert session_aes_secret is not None
+            if isinstance(session_aes_secret, str):
+                session_aes_secret = __key_loader__(session_aes_secret)
             self._code_session_key = Fernet(session_aes_secret)
 
     def __encode_session_id__(self, data: str) -> str:

jamlib-3.2.0.post0/src/jam/exceptions/jose.py

@@ -0,0 +1,73 @@
+# -*- coding: utf-8 -*-
+
+from .base import JamConfigurationError, JamValidationError
+
+
+class JamJWSVerificationError(JamValidationError):
+    default_message = "JWS signature verification failed."
+    default_code = "jws.verification_error"
+
+
+class JamJWSValidationError(JamValidationError):
+    default_message = "JWS validation failed."
+    default_code = "jws.validation_error"
+
+
+class JamJWSInvalidFormatError(JamValidationError):
+    default_message = "Invalid JWS format."
+    default_code = "jws.invalid_format"
+
+
+class JamJWSSigningError(JamValidationError):
+    default_message = "JWS signing failed."
+    default_code = "jws.signing_error"
+
+
+class JamJWKValidationError(JamValidationError):
+    default_message = "JWK validation failed."
+    default_code = "jwk.validation_error"
+
+
+class JamJWKInvalidKeyTypeError(JamValidationError):
+    default_message = "Unsupported JWK key type."
+    default_code = "jwk.invalid_key_type"
+
+
+class JamJWKMissingParameterError(JamValidationError):
+    default_message = "Missing required JWK parameter."
+    default_code = "jwk.missing_parameter"
+
+
+class JamJWEEncryptionError(JamValidationError):
+    default_message = "JWE encryption failed."
+    default_code = "jwe.encryption_error"
+
+
+class JamJWEDecryptionError(JamValidationError):
+    default_message = "JWE decryption failed."
+    default_code = "jwe.decryption_error"
+
+
+class JamJWEInvalidFormatError(JamValidationError):
+    default_message = "Invalid JWE format."
+    default_code = "jwe.invalid_format"
+
+
+class JamInvalidKeyTypeError(JamConfigurationError):
+    default_message = "Invalid key type."
+    default_code = "jose.invalid_key_type"
+
+
+class JamAlgorithmError(JamConfigurationError):
+    default_message = "Algorithm error."
+    default_code = "jose.algorithm_error"
+
+
+class JamInvalidPaddingError(JamValidationError):
+    default_message = "Invalid padding."
+    default_code = "jose.invalid_padding"
+
+
+class JamRedisListConfigurationError(JamConfigurationError):
+    default_message = "Redis list configuration error."
+    default_code = "jose.redis_list_configuration_error"

{jamlib-3.2.0b3 → jamlib-3.2.0.post0}/src/jam/ext/flask/extensions.py

@@ -89,6 +89,8 @@ class BaseAuthExtension(BaseExtension):
         _config: dict[str, Any] | None = (
             __config_maker__(config, pointer) if config else None
         )
+        if _config and _config.get("jose", None) and self.MODULE == create_jwt:
+            _config = _config["jose"]
 
         params = _config.pop(self._CONFIG_KEY) if _config else kwargs
         super().__init__(app=app, **params)

{jamlib-3.2.0b3 → jamlib-3.2.0.post0}/src/jam/ext/litestar/plugins.py

@@ -76,6 +76,9 @@ class BasePlugin(InitPlugin):
             __config_maker__(config, pointer) if config else None
         )
 
+        # FIXME: Make config wrapper
+        if _config and _config.get("jose", None) and self.MODULE == create_jwt:
+            _config = _config["jose"]
         params = _config.pop(self._CONFIG_KEY) if _config else kwargs
         self._setup_config(params)
         self._middleware = None

{jamlib-3.2.0b3 → jamlib-3.2.0.post0}/src/jam/ext/starlette/backends.py

@@ -81,6 +81,8 @@ class BaseBackend(AuthenticationBackend):
         try:
             if config:
                 config_ = __config_maker__(config, pointer)[self._CONFIG_KEY]
+                if config_.get("jose", None) and self.MODULE == create_jwt:
+                    config_ = config_["jose"]
                 self._auth = self.MODULE(**config_)
             else:
                 self._auth = self.MODULE(**kwargs)

{jamlib-3.2.0b3 → jamlib-3.2.0.post0}/src/jam/instance.py

@@ -1,6 +1,5 @@
 # -*- coding: utf-8 -*-
 
-import datetime
 import time
 from typing import Any
 import uuid
@@ -49,9 +48,10 @@ class Jam(BaseJam):
         Returns:
             dict[str, Any]: Payload
         """
+        now = time.time()
         payload = {
-            "iat": datetime.datetime.now().timestamp(),
-            "exp": (datetime.datetime.now().timestamp() + exp) if exp else None,
+            "iat": now,
+            "exp": (now + exp) if exp else None,
             "jti": str(uuid.uuid4()),
         }
         payload = payload | data
@@ -92,6 +92,7 @@ class Jam(BaseJam):
         aud: str | None = None,
         exp: int | None = None,
         nbf: int | None = None,
+        jti: str | None = None,
         *,
         payload: dict[str, Any] | None = None,
         header: dict[str, Any] | None = None,
@@ -104,6 +105,7 @@ class Jam(BaseJam):
             iss (str | None): The issuer.
             sub (str | None): The subject.
             aud (str | None): The audience.
+            jti (str | None): The JWT ID. If none use the JTI fabric function.
             header (dict[str, Any] | None): The header to include in the JWT.
             payload (dict[str, Any] | None): The payload to include in the JWT.
 
@@ -111,12 +113,15 @@ class Jam(BaseJam):
             str: The encoded JWT.
         """
         assert self.jwt is not None
+        if not jti:
+            jti = self.jwt.jti
         token = self.jwt.encode(
             iss=iss,
             sub=sub,
             aud=aud,
             exp=exp,
             nbf=nbf,
+            jti=jti,
             payload=payload,
             header=header,
         )