wip

id.saladeaula.digital/app/jose_.py

@@ -1,7 +1,7 @@
 from datetime import timedelta
 
 from aws_lambda_powertools.event_handler.exceptions import ForbiddenError
-from jose import ExpiredSignatureError, JWTError, jwt
+from jose import jwt
 from layercake.dateutils import now
 
 from config import (
@@ -9,7 +9,7 @@ from config import (
     JWT_ALGORITHM,
     JWT_EXP_SECONDS,
     JWT_SECRET,
-    REFRESH_TOKEN_EXP_SECONDS,
+    OAUTH2_REFRESH_TOKEN_EXPIRES_IN,
 )
 
 
@@ -27,10 +27,11 @@ def generate_jwt(user_id: str, email: str) -> str:
 
 def generate_refresh_token(user_id: str) -> str:
     now_ = now()
+    exp = now_ + timedelta(seconds=OAUTH2_REFRESH_TOKEN_EXPIRES_IN)
     payload = {
         'sub': user_id,
         'iat': int(now_.timestamp()),
-        'exp': int((now_ + timedelta(seconds=REFRESH_TOKEN_EXP_SECONDS)).timestamp()),
+        'exp': int(exp.timestamp()),
         'iss': ISSUER,
         'typ': 'refresh',
     }
@@ -38,19 +39,14 @@ def generate_refresh_token(user_id: str) -> str:
 
 
 def verify_jwt(token: str) -> dict:
-    try:
-        payload = jwt.decode(
-            token,
-            JWT_SECRET,
-            algorithms=[JWT_ALGORITHM],
-            issuer=ISSUER,
-            options={
-                'require': ['exp', 'sub', 'iss'],
-                'leeway': 60,
-            },
-        )
-        return payload
-    except ExpiredSignatureError:
-        raise ForbiddenError('Token expired')
-    except JWTError:
-        raise ForbiddenError('Invalid token')
+    payload = jwt.decode(
+        token,
+        JWT_SECRET,
+        algorithms=[JWT_ALGORITHM],
+        issuer=ISSUER,
+        options={
+            'require': ['exp', 'sub', 'iss'],
+            'leeway': 60,
+        },
+    )
+    return payload