Add support for pyjwt leeway
#790
Merged
Commits on Jul 19, 2023
-
On the surface, this may look like a potentially incompatible change because we remove `leeway` from the passed `jwt_params`. However, those are passed to `options` and `leeway` isn't a supported value there for pyjwt, so the change is in effect strictly additive. pyjwt source has a comment indicating that `leeway` might be added to `options` in the future (it would make sense), along with values we control like `audience`. For the time being, however, this makes sense as a mechanism for passing `leeway` for JWT handling in the SDK. Because the same `leeway` is used for the `iat`, `nbf`, and `exp` claims, we can check that `leeway` is passed correctly by using it to make a very old `exp` claim pass validation in our tests. A new default is set for `leeway` of 0.5s internally. This is not part of the `decode_id_token` docs -- kept as an implementation detail -- but it makes the default behavior slightly more tolerant of clock drift. As such, this part of the change is documented as a fix in the changelog, whereas the rest is an addition.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.