MCPcopy
hub / github.com/learnhouse/learnhouse / create_access_token

Function create_access_token

apps/api/src/security/auth.py:139–157  ·  view source on GitHub ↗

Create a JWT access token. SECURITY: always sets ``exp`` and ``iat`` claims. ``iat`` lets :func:`get_current_user` enforce both password-change-based revocation and the logout blocklist (see :func:`revoke_user_sessions_before`), neither of which can work on tokens missing an is

(data: dict, expires_delta: timedelta | None = None)

Source from the content-addressed store, hash-verified

137
138
139def create_access_token(data: dict, expires_delta: timedelta | None = None):
140 """
141 Create a JWT access token.
142
143 SECURITY: always sets ``exp`` and ``iat`` claims. ``iat`` lets
144 :func:`get_current_user` enforce both password-change-based revocation and
145 the logout blocklist (see :func:`revoke_user_sessions_before`), neither of
146 which can work on tokens missing an issuance timestamp.
147 """
148 to_encode = data.copy()
149 now = datetime.now(timezone.utc)
150 if expires_delta:
151 expire = now + expires_delta
152 else:
153 # SECURITY: Always set expiration (8 hours default)
154 expire = now + JWT_ACCESS_TOKEN_EXPIRES
155 to_encode.update({"exp": expire, "iat": now})
156 encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
157 return encoded_jwt
158
159
160JWT_REFRESH_TOKEN_EXPIRES = timedelta(days=30)

Calls 1

updateMethod · 0.45