MCPcopy Index your code
hub / github.com/learnhouse/learnhouse / decode_refresh_token

Function decode_refresh_token

apps/api/src/security/auth.py:254–275  ·  view source on GitHub ↗

Decode and validate a refresh JWT token. SECURITY: Always requires expiration claim for refresh tokens. Dev mode does not affect refresh token validation.

(token: str)

Source from the content-addressed store, hash-verified

252
253
254def decode_refresh_token(token: str) -> Optional[dict]:
255 """
256 Decode and validate a refresh JWT token.
257
258 SECURITY: Always requires expiration claim for refresh tokens.
259 Dev mode does not affect refresh token validation.
260 """
261 try:
262 # SECURITY: Always verify expiration for refresh tokens
263 decode_options = {"require": ["exp", "sub"]}
264
265 payload = jwt.decode(
266 token,
267 JWT_SECRET_KEY,
268 algorithms=[ALGORITHM],
269 options=decode_options
270 )
271 if payload.get("type") != "refresh":
272 return None
273 return payload
274 except PyJWTError:
275 return None
276
277
278def _mark_refresh_jti_used(user_id: int, jti: str) -> bool:

Calls 1

getMethod · 0.45