A from-scratch atproto PDS implementation in Python (mirrors https://github.com/DavidBuchanan314/millipds)

getServiceAuth: set iat, jti

+5 -1
+2 -1
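--- a/src/millipds/auth_bearer.py
+++ b/src/millipds/auth_bearer.py
@@ -81,8 +81,9 @@
 algorithms=[alg],
 audience=db.config["pds_did"],
 options={
-"require": ["exp", "lxm"], # consider iat?
+"require": ["exp", "iat", "lxm"],
 "verify_exp": True,
+"verify_iat": True,
 "strict_aud": True, # may be unnecessary
 },
 )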
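Review bot: The `require` list still omits `jti`, and nothing visible in this hunk records seen values, so a captured service-auth token appears to stay replayable until `exp`. Consider `"require": ["exp", "iat", "jti", "lxm"],` together with a short-lived store of (iss, jti) pairs that expires at each token's `exp`; if issuers that omit `jti` must still be accepted, or replay tracking already lives elsewhere, a comment here saying so would help. As far as I know, PyJWT's `verify_iat` only rejects an `iat` that lies in the future and puts no ceiling on `exp - iat`, so a separate maximum-lifetime check is needed if long-lived tokens should be refused. The enclosing decode call starts outside the hunk.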
+3
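--- a/src/millipds/service.py
+++ b/src/millipds/service.py
@@ -6,6 +6,7 @@
 import os
 import io
 import json
+import uuid
 import hashlib
 
 import apsw
@@ -298,6 +299,8 @@
 "aud": aud,
 "lxm": lxm,
 "exp": exp,
+"iat": now,
+"jti": str(uuid.uuid4())
 },
 signing_key,
 algorithm=crypto.jwt_signature_alg_for_pem(signing_key),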
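Review bot: In the second hunk, `now` is defined outside the visible lines, so it cannot be confirmed here that `"iat": now` is epoch seconds taken from the same clock reading that `exp` is derived from. That matters because auth_bearer.py now sets `verify_iat`, and an `iat` in another unit or ahead of the receiver's clock would presumably get freshly minted tokens rejected. A short comment above the two new claims would document the intent, e.g. `# iat: issue time in epoch seconds; jti: random nonce so receivers can detect replay`. As a style point, the new last entry lacks the trailing comma the other entries carry; `"jti": str(uuid.uuid4()),` keeps the next added claim a one-line diff.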