🐛✅ introduce leeway of 1s for jwt.decode

This addresses breaking change in `pyjwt` version 2.6 (jpadilla/pyjwt#797), where validation will now raise an `ImmatureSignatureError` if the 'issued at' time is in the future, with default 0 leeway. Integration tests fail with `pyjwt~=2.6`, potentially because of clock synchronization / network latency between `issued_at` time at generation and decoding of the jwt; so, a leeway of 1 second accommodates any potential latency / clock sync issue Signed-off-by: ff137 <ff137@proton.me>
ff137 · Jul 24, 2023 · 9f66f09 · 9f66f09
1 parent cebcbd6
commit 9f66f09
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/aries_cloudagent/multitenant/base.py b/aries_cloudagent/multitenant/base.py
@@ -321,7 +321,7 @@ async def create_auth_token(
     def get_wallet_details_from_token(self, token: str) -> Tuple[str, str]:
         """Get the wallet_id and wallet_key from provided token."""
         jwt_secret = self._profile.context.settings.get("multitenant.jwt_secret")
-        token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"], leeway=5)
+        token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"], leeway=1)
         wallet_id = token_body.get("wallet_id")
         wallet_key = token_body.get("wallet_key")
         return wallet_id, wallet_key
@@ -360,7 +360,7 @@ async def get_profile_for_token(
         jwt_secret = self._profile.context.settings.get("multitenant.jwt_secret")
         extra_settings = {}
 
-        token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"], leeway=5)
+        token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"], leeway=1)
 
         wallet_id = token_body.get("wallet_id")
         wallet_key = token_body.get("wallet_key")