New token arch

2026-01-10 21:45:37 +01:00
parent cc53037552
commit bf1db7cb9e
26 changed files with 1751 additions and 107 deletions
--- a/shared/auth/jwt_handler.py
+++ b/shared/auth/jwt_handler.py
@@ -125,6 +125,35 @@ class JWTHandler:
        encoded_jwt = jwt.encode(to_encode, self.secret_key, algorithm=self.algorithm)
        logger.debug(f"Created refresh token for user {user_data['user_id']}")
        return encoded_jwt
+
+    def create_service_token(self, service_name: str, expires_delta: Optional[timedelta] = None) -> str:
+        """
+        Create JWT SERVICE token for inter-service communication
+        ✅ FIXED: Service tokens have proper service account structure
+        """
+        to_encode = {
+            "sub": service_name,
+            "service": service_name,
+            "type": "service",
+            "role": "admin",
+            "is_service": True
+        }
+
+        # Set expiration
+        if expires_delta:
+            expire = datetime.now(timezone.utc) + expires_delta
+        else:
+            expire = datetime.now(timezone.utc) + timedelta(days=365)
+        
+        to_encode.update({
+            "exp": expire,
+            "iat": datetime.now(timezone.utc),
+            "iss": "bakery-auth"
+        })
+        
+        encoded_jwt = jwt.encode(to_encode, self.secret_key, algorithm=self.algorithm)
+        logger.debug(f"Created service token for service {service_name}")
+        return encoded_jwt
    
    def verify_token(self, token: str) -> Optional[Dict[str, Any]]:
        """