util.service_jwt: add new **claims parameter for additional JWT claims
snarfed committed Aug 16, 2024
1 parent 7e5d894 commit b4e6911
Showing 2 changed files with 5 additions and 1 deletion.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -117,6 +117,8 @@ _Non-breaking changes:_
* `xrpc_sync`:
* Switch `getBlob` from returning HTTP 302 to 301.
* Implement `since` param in `getRepo`.
* `util`:
* `service_jwt`: add new `**claims` parameter for additional JWT claims, [eg `lxm`](https://github.com/bluesky-social/atproto/discussions/2687).

### 0.6 - 2024-06-24

4 changes: 3 additions & 1 deletion arroba/util.py
Expand Up @@ -351,7 +351,7 @@ def verify_sig(obj, public_key):


def service_jwt(host, repo_did, privkey, expiration=timedelta(minutes=10),
aud=None):
aud=None, **claims):
"""Generates an inter-service JWT, eg for a relay or AppView.
https://atproto.com/specs/xrpc#inter-service-authentication-temporary-specification
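Review bot: with `**claims` at the end of the `service_jwt` signature, every keyword the function does not recognise is now accepted, so a misspelled argument (a typo of `expiration`, say) no longer raises `TypeError` and instead ends up as a claim in the signed token. Consider an explicit `claims=None` dict parameter, or keep `**claims` and reject names outside the set of claim keys callers are expected to pass.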
Expand All @@ -363,6 +363,7 @@ def service_jwt(host, repo_did, privkey, expiration=timedelta(minutes=10),
expiration (timedelta): length of time this JWT will be valid, defaults to 10m
aud (str): JWT audience. Default is ``did:web:[host]``, which works for relays
and AppViews, but others (eg mod services) have ``did:plc``s instead.
claims (dict): additional claims to include in the JWT, eg ``lxm``
Returns:
str: JWT
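Review bot: the new docstring line types the parameter as `claims (dict)`, but callers pass it as keyword arguments, not as a dict. Reword the entry to say that, and document what happens when a name collides with a claim the function already sets, such as `aud` or `exp`.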
Expand All @@ -375,6 +376,7 @@ def service_jwt(host, repo_did, privkey, expiration=timedelta(minutes=10),
'aud': aud or f'did:web:{host}',
'alg': 'ES256K', # k256
'exp': int((now() + expiration).timestamp()),
**claims,
}
logger.info(f'Generating ATProto inter-service JWT: {data}')
return jwt.encode(data, privkey, algorithm='ES256K')
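Review bot: `**claims,` is the last entry in the dict literal, so a caller-supplied `aud`, `alg` or `exp` silently replaces the value computed just above it, including the expiry derived from `expiration`. If overriding is not intended, unpack `**claims` before the fixed keys or raise on reserved names. The `logger.info` call on the following line also now records whatever extra claims are passed, which is worth keeping in mind if a claim value should not be logged.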
