Add improvements
This commit is contained in:
Urtzi Alfaro
@@ -126,24 +126,47 @@ class JWTHandler:
|
||||
logger.debug(f"Created refresh token for user {user_data['user_id']}")
|
||||
return encoded_jwt
|
||||
|
||||
def create_service_token(self, service_name: str, expires_delta: Optional[timedelta] = None) -> str:
|
||||
def create_service_token(
|
||||
self,
|
||||
service_name: str,
|
||||
expires_delta: Optional[timedelta] = None,
|
||||
tenant_id: Optional[str] = None
|
||||
) -> str:
|
||||
"""
|
||||
Create JWT SERVICE token for inter-service communication
|
||||
✅ FIXED: Service tokens have proper service account structure
|
||||
✅ UNIFIED: Single source of truth for all service token creation
|
||||
✅ ENHANCED: Supports tenant context for tenant-scoped operations
|
||||
|
||||
Args:
|
||||
service_name: Name of the service (e.g., 'auth-service', 'demo-session')
|
||||
expires_delta: Optional expiration time (defaults to 1 hour for inter-service calls)
|
||||
tenant_id: Optional tenant ID for tenant-scoped service operations
|
||||
|
||||
Returns:
|
||||
Encoded JWT service token
|
||||
"""
|
||||
to_encode = {
|
||||
"sub": service_name,
|
||||
"user_id": f"{service_name}-service",
|
||||
"email": f"{service_name}-service@internal",
|
||||
"service": service_name,
|
||||
"type": "service",
|
||||
"role": "admin",
|
||||
"is_service": True
|
||||
"role": "admin", # Services have admin privileges
|
||||
"is_service": True,
|
||||
"full_name": f"{service_name.title()} Service",
|
||||
"is_verified": True,
|
||||
"is_active": True
|
||||
}
|
||||
|
||||
# Set expiration
|
||||
# Include tenant context when provided for tenant-scoped operations
|
||||
if tenant_id:
|
||||
to_encode["tenant_id"] = tenant_id
|
||||
|
||||
# Set expiration (default to 1 hour for inter-service calls)
|
||||
if expires_delta:
|
||||
expire = datetime.now(timezone.utc) + expires_delta
|
||||
else:
|
||||
expire = datetime.now(timezone.utc) + timedelta(days=365)
|
||||
expire = datetime.now(timezone.utc) + timedelta(hours=1) # 1 hour default
|
||||
|
||||
to_encode.update({
|
||||
"exp": expire,
|
||||
@@ -152,7 +175,7 @@ class JWTHandler:
|
||||
})
|
||||
|
||||
encoded_jwt = jwt.encode(to_encode, self.secret_key, algorithm=self.algorithm)
|
||||
logger.debug(f"Created service token for service {service_name}")
|
||||
logger.debug(f"Created service token for service {service_name}", tenant_id=tenant_id)
|
||||
return encoded_jwt
|
||||
|
||||
def verify_token(self, token: str) -> Optional[Dict[str, Any]]:
|
||||
@@ -230,42 +253,7 @@ class JWTHandler:
|
||||
|
||||
return None
|
||||
|
||||
def create_service_token(self, service_name: str, expires_delta: Optional[timedelta] = None) -> str:
|
||||
"""
|
||||
Create JWT token for service-to-service communication
|
||||
|
||||
Args:
|
||||
service_name: Name of the service (e.g., 'auth-service', 'tenant-service')
|
||||
expires_delta: Optional expiration time (defaults to 365 days for services)
|
||||
|
||||
Returns:
|
||||
Encoded JWT service token
|
||||
"""
|
||||
to_encode = {
|
||||
"sub": service_name,
|
||||
"user_id": service_name,
|
||||
"service": service_name,
|
||||
"type": "service",
|
||||
"is_service": True,
|
||||
"role": "admin", # Services have admin privileges
|
||||
"email": f"{service_name}@internal.service"
|
||||
}
|
||||
|
||||
# Set expiration (default to 1 year for service tokens)
|
||||
if expires_delta:
|
||||
expire = datetime.now(timezone.utc) + expires_delta
|
||||
else:
|
||||
expire = datetime.now(timezone.utc) + timedelta(days=365)
|
||||
|
||||
to_encode.update({
|
||||
"exp": expire,
|
||||
"iat": datetime.now(timezone.utc),
|
||||
"iss": "bakery-auth"
|
||||
})
|
||||
|
||||
encoded_jwt = jwt.encode(to_encode, self.secret_key, algorithm=self.algorithm)
|
||||
logger.info(f"Created service token for {service_name}")
|
||||
return encoded_jwt
|
||||
|
||||
def get_token_info(self, token: str) -> Dict[str, Any]:
|
||||
"""
|
||||
|
||||
Reference in New Issue
Block a user