feat: Use standard jwt lib for access token v3

Author: KShivendu

supertokens_python/querier.py

@@ -197,6 +197,25 @@ async def f(url: str) -> Response:
 
         return await self.__send_request_helper(path, "PUT", f, len(self.__hosts))
 
+    def get_all_core_urls_for_path(self, path: str) -> List[str]:
+        if self.__hosts is None:
+            return []
+
+        normalized_path = NormalisedURLPath(path)
+
+        result: List[str] = []
+
+        for h in self.__hosts:
+            current_domain = h.domain.get_as_string_dangerous()
+            current_base_path = h.base_path.get_as_string_dangerous()
+
+            result.append(
+                current_domain
+                + current_base_path
+                + normalized_path.get_as_string_dangerous()
+            )
+        return result
+
     async def __send_request_helper(
         self,
         path: NormalisedURLPath,

supertokens_python/recipe/jwt/api/jwks_get.py

@@ -23,6 +23,8 @@ async def jwks_get(api_implementation: APIInterface, api_options: APIOptions):
     user_context = default_user_context(api_options.request)
 
     result = await api_implementation.jwks_get(api_options, user_context)
+
     if isinstance(result, JWKSGetResponse):
         api_options.response.set_header("Access-Control-Allow-Origin", "*")
+
     return send_200_response(result.to_json(), api_options.response)

supertokens_python/recipe/jwt/asyncio/__init__.py

@@ -11,7 +11,7 @@
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
-from typing import Any, Dict, Union
+from typing import Any, Dict, Union, Optional
 
 from supertokens_python.recipe.jwt.interfaces import (
     CreateJwtOkResult,
@@ -22,21 +22,22 @@
 
 
 async def create_jwt(
-    payload: Union[None, Dict[str, Any]] = None,
-    validity_seconds: Union[None, int] = None,
-    user_context: Union[Dict[str, Any], None] = None,
+    payload: Optional[Dict[str, Any]] = None,
+    validity_seconds: Optional[int] = None,
+    use_static_signing_key: Optional[bool] = None,
+    user_context: Optional[Dict[str, Any]] = None,
 ) -> Union[CreateJwtOkResult, CreateJwtResultUnsupportedAlgorithm]:
     if user_context is None:
         user_context = {}
     if payload is None:
         payload = {}
 
     return await JWTRecipe.get_instance().recipe_implementation.create_jwt(
-        payload, validity_seconds, user_context
+        payload, validity_seconds, use_static_signing_key, user_context
     )
 
 
-async def get_jwks(user_context: Union[Dict[str, Any], None] = None) -> GetJWKSResult:
+async def get_jwks(user_context: Optional[Dict[str, Any]] = None) -> GetJWKSResult:
     if user_context is None:
         user_context = {}
     return await JWTRecipe.get_instance().recipe_implementation.get_jwks(user_context)

supertokens_python/recipe/jwt/interfaces.py

@@ -12,7 +12,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 from abc import ABC, abstractmethod
-from typing import Any, Dict, List, Union
+from typing import Any, Dict, List, Union, Optional
 
 from supertokens_python.framework import BaseRequest, BaseResponse
 from supertokens_python.types import APIResponse, GeneralErrorResponse
@@ -52,7 +52,8 @@ def __init__(self):
     async def create_jwt(
         self,
         payload: Dict[str, Any],
-        validity_seconds: Union[int, None],
+        validity_seconds: Optional[int],
+        use_static_signing_key: Optional[bool],
         user_context: Dict[str, Any],
     ) -> Union[CreateJwtOkResult, CreateJwtResultUnsupportedAlgorithm]:
         pass
@@ -79,8 +80,6 @@ def __init__(
 
 
 class JWKSGetResponse(APIResponse):
-    status: str = "OK"
-
     def __init__(self, keys: List[JsonWebKey]):
         self.keys = keys
 
@@ -98,7 +97,7 @@ def to_json(self) -> Dict[str, Any]:
                 }
             )
 
-        return {"status": self.status, "keys": keys}
+        return {"keys": keys}
 
 
 class APIInterface:

supertokens_python/recipe/jwt/recipe_implementation.py

@@ -13,7 +13,7 @@
 # under the License.
 from __future__ import annotations
 
-from typing import TYPE_CHECKING, Any, Dict, List, Union
+from typing import TYPE_CHECKING, Any, Dict, List, Union, Optional
 
 from supertokens_python.normalised_url_path import NormalisedURLPath
 from supertokens_python.querier import Querier
@@ -42,7 +42,8 @@ def __init__(self, querier: Querier, config: JWTConfig, app_info: AppInfo):
     async def create_jwt(
         self,
         payload: Dict[str, Any],
-        validity_seconds: Union[int, None],
+        validity_seconds: Optional[int],
+        use_static_signing_key: Optional[bool],
         user_context: Dict[str, Any],
     ) -> Union[CreateJwtOkResult, CreateJwtResultUnsupportedAlgorithm]:
         if validity_seconds is None:
@@ -51,6 +52,7 @@ async def create_jwt(
         data = {
             "payload": payload,
             "validity": validity_seconds,
+            "use_static_signing_key": use_static_signing_key is not False,
             "algorithm": "RS256",
             "jwksDomain": self.app_info.api_domain.get_as_string_dangerous(),
         }
@@ -64,7 +66,7 @@ async def create_jwt(
 
     async def get_jwks(self, user_context: Dict[str, Any]) -> GetJWKSResult:
         response = await self.querier.send_get_request(
-            NormalisedURLPath("/recipe/jwt/jwks"), {}
+            NormalisedURLPath("/.well-known/jwks.json"), {}
         )
 
         keys: List[JsonWebKey] = []

supertokens_python/recipe/jwt/syncio/__init__.py

@@ -11,7 +11,7 @@
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
-from typing import Any, Dict, Union
+from typing import Any, Dict, Union, Optional
 
 from supertokens_python.async_to_sync_wrapper import sync
 from supertokens_python.recipe.jwt import asyncio
@@ -23,12 +23,17 @@
 
 
 def create_jwt(
-    payload: Union[None, Dict[str, Any]] = None,
-    validity_seconds: Union[None, int] = None,
-    user_context: Union[Dict[str, Any], None] = None,
+    payload: Optional[Dict[str, Any]] = None,
+    validity_seconds: Optional[int] = None,
+    use_static_signing_key: Optional[bool] = None,
+    user_context: Optional[Dict[str, Any]] = None,
 ) -> Union[CreateJwtOkResult, CreateJwtResultUnsupportedAlgorithm]:
-    return sync(asyncio.create_jwt(payload, validity_seconds, user_context))
+    return sync(
+        asyncio.create_jwt(
+            payload, validity_seconds, use_static_signing_key, user_context
+        )
+    )
 
 
-def get_jwks(user_context: Union[Dict[str, Any], None] = None) -> GetJWKSResult:
+def get_jwks(user_context: Optional[Dict[str, Any]] = None) -> GetJWKSResult:
     return sync(asyncio.get_jwks(user_context))

supertokens_python/recipe/openid/asyncio/__init__.py

@@ -11,7 +11,7 @@
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
-from typing import Any, Dict, Union
+from typing import Any, Dict, Union, Optional
 
 from supertokens_python.recipe.openid.interfaces import (
     GetOpenIdDiscoveryConfigurationResult,
@@ -26,21 +26,22 @@
 
 
 async def create_jwt(
-    payload: Union[None, Dict[str, Any]] = None,
-    validity_seconds: Union[None, int] = None,
-    user_context: Union[Dict[str, Any], None] = None,
+    payload: Optional[Dict[str, Any]] = None,
+    validity_seconds: Optional[int] = None,
+    use_static_signing_key: Optional[bool] = None,
+    user_context: Optional[Dict[str, Any]] = None,
 ) -> Union[CreateJwtOkResult, CreateJwtResultUnsupportedAlgorithm]:
     if user_context is None:
         user_context = {}
     if payload is None:
         payload = {}
 
     return await OpenIdRecipe.get_instance().recipe_implementation.create_jwt(
-        payload, validity_seconds, user_context
+        payload, validity_seconds, use_static_signing_key, user_context
     )
 
 
-async def get_jwks(user_context: Union[Dict[str, Any], None] = None) -> GetJWKSResult:
+async def get_jwks(user_context: Optional[Dict[str, Any]] = None) -> GetJWKSResult:
     if user_context is None:
         user_context = {}
     return await OpenIdRecipe.get_instance().recipe_implementation.get_jwks(
@@ -49,7 +50,7 @@ async def get_jwks(user_context: Union[Dict[str, Any], None] = None) -> GetJWKSR
 
 
 async def get_open_id_discovery_configuration(
-    user_context: Union[Dict[str, Any], None] = None
+    user_context: Optional[Dict[str, Any]] = None
 ) -> GetOpenIdDiscoveryConfigurationResult:
     if user_context is None:
         user_context = {}

supertokens_python/recipe/openid/interfaces.py

@@ -12,7 +12,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 from abc import ABC, abstractmethod
-from typing import Any, Dict, Union
+from typing import Any, Dict, Union, Optional
 
 from supertokens_python.framework import BaseRequest, BaseResponse
 from supertokens_python.recipe.jwt.interfaces import (
@@ -39,7 +39,8 @@ def __init__(self):
     async def create_jwt(
         self,
         payload: Dict[str, Any],
-        validity_seconds: Union[int, None],
+        validity_seconds: Optional[int],
+        use_static_signing_key: Optional[bool],
         user_context: Dict[str, Any],
     ) -> Union[CreateJwtOkResult, CreateJwtResultUnsupportedAlgorithm]:
         pass

supertokens_python/recipe/openid/recipe_implementation.py

@@ -13,7 +13,7 @@
 # under the License.
 from __future__ import annotations
 
-from typing import TYPE_CHECKING, Any, Dict, Union
+from typing import TYPE_CHECKING, Any, Dict, Union, Optional
 
 from supertokens_python.querier import Querier
 
@@ -69,7 +69,8 @@ def __init__(
     async def create_jwt(
         self,
         payload: Dict[str, Any],
-        validity_seconds: Union[int, None],
+        validity_seconds: Optional[int],
+        use_static_signing_key: Optional[bool],
         user_context: Dict[str, Any],
     ) -> Union[CreateJwtOkResult, CreateJwtResultUnsupportedAlgorithm]:
         issuer = (
@@ -78,7 +79,7 @@ async def create_jwt(
         )
         payload = {"iss": issuer, **payload}
         return await self.jwt_recipe_implementation.create_jwt(
-            payload, validity_seconds, user_context
+            payload, validity_seconds, use_static_signing_key, user_context
         )
 
     async def get_jwks(self, user_context: Dict[str, Any]) -> GetJWKSResult:

supertokens_python/recipe/openid/syncio/__init__.py

@@ -11,7 +11,7 @@
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
-from typing import Any, Dict, Union
+from typing import Any, Dict, Union, Optional
 
 from supertokens_python.async_to_sync_wrapper import sync
 from supertokens_python.recipe.openid import asyncio
@@ -27,18 +27,23 @@
 
 
 def create_jwt(
-    payload: Union[None, Dict[str, Any]] = None,
-    validity_seconds: Union[None, int] = None,
-    user_context: Union[Dict[str, Any], None] = None,
+    payload: Optional[Dict[str, Any]] = None,
+    validity_seconds: Optional[int] = None,
+    use_static_signing_key: Optional[bool] = None,
+    user_context: Optional[Dict[str, Any]] = None,
 ) -> Union[CreateJwtOkResult, CreateJwtResultUnsupportedAlgorithm]:
-    return sync(asyncio.create_jwt(payload, validity_seconds, user_context))
+    return sync(
+        asyncio.create_jwt(
+            payload, validity_seconds, use_static_signing_key, user_context
+        )
+    )
 
 
-def get_jwks(user_context: Union[Dict[str, Any], None] = None) -> GetJWKSResult:
+def get_jwks(user_context: Optional[Dict[str, Any]] = None) -> GetJWKSResult:
     return sync(asyncio.get_jwks(user_context))
 
 
 def get_open_id_discovery_configuration(
-    user_context: Union[Dict[str, Any], None] = None
+    user_context: Optional[Dict[str, Any]] = None
 ) -> GetOpenIdDiscoveryConfigurationResult:
     return sync(asyncio.get_open_id_discovery_configuration(user_context))