
Jwt

jwt

JWT token creation and validation.

Provides functions for creating and decoding JWT access tokens using the python-jose library.

Classes

TokenError

Bases: Exception

Raised when a token is invalid or expired.

Functions

create_access_token

create_access_token(
    *,
    subject: str,
    expires_delta: timedelta | None = None,
    extra_claims: dict[str, Any] | None = None
) -> str

Create a JWT access token.

subject: the value stored in the token's "sub" claim, usually user.id

Source code in fastauth/security/jwt.py
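def create_access_token(
    *,
    subject: str,
    expires_delta: timedelta | None = None,
    extra_claims: dict[str, Any] | None = None,
) -> str:
    """
    Create a signed JWT access token.

    The payload is signed, not encrypted: anyone holding the token can read
    its claims, so extra_claims must not carry secrets.

    Args:
        subject: Value stored in the "sub" claim; usually user.id.
        expires_delta: Token lifetime. When None, the lifetime falls back to
            settings.access_token_expire_minutes.
        extra_claims: Additional claims merged into the payload after the
            standard ones.

    Returns:
        The encoded token, signed with settings.jwt_secret_key using
        settings.jwt_algorithm.
    """
    # One clock reading so "iat" and "exp" are derived from the same instant.
    issued_at = datetime.now(UTC)

    # Compare against None: timedelta(0) is falsy, so a truthiness test would
    # silently replace an explicit zero lifetime with the configured default.
    lifetime = (
        expires_delta
        if expires_delta is not None
        else timedelta(minutes=settings.access_token_expire_minutes)
    )

    payload: dict[str, Any] = {
        "sub": subject,
        "exp": issued_at + lifetime,
        "iat": issued_at,
    }

    # NOTE(review): extra_claims is merged last, so a supplied "sub", "exp" or
    # "iat" replaces the value computed above. Build extra_claims from trusted
    # values only; confirm whether overriding is intended before rejecting
    # those keys here.
    if extra_claims:
        payload.update(extra_claims)

    return jwt.encode(
        payload,
        settings.jwt_secret_key,
        algorithm=settings.jwt_algorithm,
    )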

decode_access_token

decode_access_token(token: str) -> dict[str, Any]

Decode and validate a JWT access token. Raises TokenError if the token is invalid or expired.

Source code in fastauth/security/jwt.py
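def decode_access_token(token: str) -> dict[str, Any]:
    """
    Decode and validate a JWT access token.

    Args:
        token: Encoded JWT string.

    Returns:
        The claims carried by the token.

    Raises:
        TokenError: If python-jose rejects the token (any JWTError), which
            includes a bad signature, an elapsed "exp", or a missing "exp".
    """
    try:
        return jwt.decode(
            token,
            settings.jwt_secret_key,
            # Accept only the configured algorithm rather than whatever the
            # token header announces.
            algorithms=[settings.jwt_algorithm],
            # python-jose checks "exp" only when the claim is present; require
            # it so a token signed without an expiry is rejected instead of
            # being accepted indefinitely.
            options={"require_exp": True},
        )
    except JWTError as exc:
        # Keep one generic message so the caller cannot tell which check failed.
        raise TokenError("Invalid or expired token") from exc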