pypomes-jwt 0.8.3__py3-none-any.whl → 0.8.5__py3-none-any.whl

pypomes_jwt/jwt_data.py

@@ -35,12 +35,14 @@ class JwtData:
            "token-audience": <string>    # the audience the token is intended for
            "token_nonce": <string>       # value used to associate a client session with a token
            "claims": {
-             "birthdate": <string>,    # subject's birth date
-             "email": <string>,        # subject's email
-             "gender": <string>,       # subject's gender
-             "name": <string>,         # subject's name
-             "roles": <List[str]>,     # subject roles
-             "nonce": <string>,        # value used to associate a Client session with a token
+             "valid-from": <string>      # token's start (<YYYY-MM-DD hh:mm:ss>)
+             "valid-until": <string>     # token's finish (<YYYY-MM-DD hh:mm:ss>)
+             "birthdate": <string>,      # subject's birth date
+             "email": <string>,          # subject's email
+             "gender": <string>,         # subject's gender
+             "name": <string>,           # subject's name
+             "roles": <List[str]>,       # subject roles
+             "nonce": <string>,          # value used to associate a Client session with a token
              ...
            }
          },
@@ -66,6 +68,8 @@ class JwtData:
 
     Account-related claims are optional claims, and convey information about the registered account they belong to.
     Alhough they can be freely specified, these are some of the most commonly used claims:
+       "valid-from": <string>   # token's start (<YYYY-MM-DD hh:mm:ss>)
+       "valid-until": <string>  # token's finish (<YYYY-MM-DD hh:mm:ss>)
       "birthdate": <string>     # subject's birth date
       "email": <string>         # subject's email
       "gender": <string>        # subject's gender
@@ -238,6 +242,8 @@ class JwtData:
 
                     # issue a candidate refresh token first, and persist it
                     current_claims["exp"] = just_now + account_data.get("refresh-max-age")
+                    current_claims["valid-from"] = datetime.fromtimestamp(timestamp=current_claims["iat"])
+                    current_claims["valid-until"] = datetime.fromtimestamp(timestamp=current_claims["exp"])
                     # may raise an exception
                     refresh_token: str = jwt.encode(payload=current_claims,
                                                     key=JWT_ENCODING_KEY,
@@ -400,15 +406,18 @@ def _jwt_persist_token(errors: list[str],
         if errors:
             raise RuntimeError("; ".join(errors))
 
-        exp: int = token_claims["payload"].get("exp")
+        # find expired tokens
+        exp: int = token_claims["payload"].get("exp", sys.maxsize)
         if exp < datetime.now(tz=timezone.utc).timestamp():
             expired.append(token_kid)
-        elif exp < oldest:
+
+        # find oldest token
+        iat: int = token_claims["payload"].get("iat", sys.maxsize)
+        if iat < oldest:
             oldest = exp
             surplus = token_kid
 
     # remove expired tokens from persistence
-    # ruff: noqa: SIM102
     if expired:
         db_delete(errors=errors,
                   delete_stmt=f"DELETE FROM {JWT_DB_TABLE}",
@@ -422,7 +431,7 @@ def _jwt_persist_token(errors: list[str],
                              f"'{account_id}' removed from storage")
 
     if 0 < JWT_ACCOUNT_LIMIT <= len(recs) - len(expired):
-        # delete the oldest persisted token to make way for the new one
+        # delete the oldest token to make way for the new one
         db_delete(errors=errors,
                   delete_stmt=f"DELETE FROM {JWT_DB_TABLE}",
                   where_data={JWT_DB_COL_KID: surplus},

pypomes_jwt/jwt_pomes.py

@@ -57,7 +57,7 @@ def jwt_verify_request(request: Request,
         # yes, extract and validate the JWT access token
         token: str = auth_header.split(" ")[1]
         if logger:
-            logger.debug(msg=f"Token is '{token}'")
+            logger.debug(msg="Token was found")
         errors: list[str] = []
         jwt_validate_token(errors=errors,
                            nature="A",
@@ -174,7 +174,7 @@ def jwt_validate_token(errors: list[str] | None,
     # initialize the return variable
     result: dict[str, Any] | None = None
     if logger:
-        logger.debug(msg=f"Validate JWT token '{token}'")
+        logger.debug(msg="Validate JWT token")
 
     # extract needed data from token header
     token_header: dict[str, Any] = jwt.get_unverified_header(jwt=token)
@@ -245,7 +245,7 @@ def jwt_validate_token(errors: list[str] | None,
         if isinstance(errors, list):
             errors.extend(op_errors)
     elif logger:
-        logger.debug(msg=f"Token '{token}' is valid")
+        logger.debug(msg="Token is valid")
 
     return result
 
@@ -379,9 +379,11 @@ def jwt_get_claims(errors: list[str] | None,
         "header": {
           "alg": "RS256",
           "typ": "JWT",
-          "kid": "rt466ytRTYH64577uydhDFGHDYJH2341"
+          "kid": "1234"
         },
         "payload": {
+          "valid-from": <YYYY-MM-DD hh:mm:ss>
+          "valid-until": <YYYY-MM-DD hh:mm:ss>
           "birthdate": "1980-01-01",
           "email": "jdoe@mail.com",
           "exp": 1516640454,
@@ -409,7 +411,7 @@ def jwt_get_claims(errors: list[str] | None,
     result: dict[str, Any] | None = None
 
     if logger:
-        logger.debug(msg=f"Retrieve claims for token '{token}'")
+        logger.debug(msg="Retrieve claims for token")
 
     try:
         # retrieve the token's claims

{pypomes_jwt-0.8.3.dist-info → pypomes_jwt-0.8.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_jwt
-Version: 0.8.3
+Version: 0.8.5
 Summary: A collection of Python pomes, penyeach (JWT module)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-JWT
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-JWT/issues
@@ -13,4 +13,4 @@ Requires-Python: >=3.12
 Requires-Dist: cryptography>=44.0.2
 Requires-Dist: pyjwt>=2.10.1
 Requires-Dist: pypomes-core>=1.8.3
-Requires-Dist: pypomes-db>=1.9.5
+Requires-Dist: pypomes-db>=1.9.6

pypomes_jwt-0.8.5.dist-info/RECORD

@@ -0,0 +1,8 @@
+pypomes_jwt/__init__.py,sha256=P7rT6ZVE2BzU3ntYOr83H5iOf5JcCmjDUYakNbrRAP0,1266
+pypomes_jwt/jwt_constants.py,sha256=FA50jKQ3D09MxXkUpVkXW5IQqm_UX6qm3bU5gHvkU-4,3980
+pypomes_jwt/jwt_data.py,sha256=wRXLM8U5gb2JYDiv0G3R4n4npZyFJ_93tFI8A4BwROc,22180
+pypomes_jwt/jwt_pomes.py,sha256=BNL6r-IfnKKeBZFpTzFXQUnotFKgV6PeKHqar9Ys20I,17186
+pypomes_jwt-0.8.5.dist-info/METADATA,sha256=mMCgIa9kXt8WBVxxpI86ge27VYm2gg8rBAfzmnK6_Hc,632
+pypomes_jwt-0.8.5.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+pypomes_jwt-0.8.5.dist-info/licenses/LICENSE,sha256=NdakochSXm_H_-DSL_x2JlRCkYikj3snYYvTwgR5d_c,1086
+pypomes_jwt-0.8.5.dist-info/RECORD,,

pypomes_jwt-0.8.3.dist-info/RECORD

@@ -1,8 +0,0 @@
-pypomes_jwt/__init__.py,sha256=P7rT6ZVE2BzU3ntYOr83H5iOf5JcCmjDUYakNbrRAP0,1266
-pypomes_jwt/jwt_constants.py,sha256=FA50jKQ3D09MxXkUpVkXW5IQqm_UX6qm3bU5gHvkU-4,3980
-pypomes_jwt/jwt_data.py,sha256=4WT19eHowrMyXJIRt3nLv8FLxEorgP2k-fgKgYY0Vgk,21534
-pypomes_jwt/jwt_pomes.py,sha256=m-seMYrQLgTrdxR7bH-RMdlY7Jc9QtmAKmkdyEAhQGY,17156
-pypomes_jwt-0.8.3.dist-info/METADATA,sha256=kagRg42MtBTc2zewA2douDPWBYBmeOCsSwSuciJZnNA,632
-pypomes_jwt-0.8.3.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-pypomes_jwt-0.8.3.dist-info/licenses/LICENSE,sha256=NdakochSXm_H_-DSL_x2JlRCkYikj3snYYvTwgR5d_c,1086
-pypomes_jwt-0.8.3.dist-info/RECORD,,