Merge pull request #438 from supertokens/fix/jwt-lifetime

rishabhpoddar · web-flow · commit ec71216a6fb4 · 2023-09-01T12:59:18.000+05:30
fix: JWT lifetime setting issue
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,9 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## unreleased
 
-## [0.12.10] - 2023-09-28
+## [0.12.10] - 2023-09-01
 
 - Add logic to retry network calls if the core returns status 429
+- Fixes session recipe with jwt where the lifetime of the jwt is set to 1 in case it is `< 1`
 
 ## [0.12.9] - 2023-04-28
 
diff --git a/supertokens_python/recipe/session/with_jwt/recipe_implementation.py b/supertokens_python/recipe/session/with_jwt/recipe_implementation.py
@@ -159,16 +159,16 @@ async def jwt_aware_update_access_token_payload(
         if decoded_payload is None or decoded_payload.get("exp") is None:
             raise Exception("Error reading JWT from session")
 
-        jwt_expiry = 1
-        if "exp" in decoded_payload:
-            exp = decoded_payload["exp"]
-            if exp > current_time_in_seconds:
-                # it can come here if someone calls this function well after
-                # the access token and the jwt payload have expired. In this case,
-                # we still want the jwt payload to update, but the resulting JWT should
-                # not be alive for too long (since it's expired already). So we set it to
-                # 1 second lifetime.
-                jwt_expiry = exp - current_time_in_seconds
+        jwt_expiry = decoded_payload.get("exp", 0) - current_time_in_seconds
+        # pylint: disable=consider-using-max-builtin
+        if jwt_expiry < 1:
+            # it can come here if someone calls this function well after
+            # the access token and the jwt payload have expired. In this case,
+            # we still want the jwt payload to update, but the resulting JWT should
+            # not be alive for too long (since it's expired already). So we set it to
+            # 1 second lifetime.
+            jwt_expiry = 1
+        # pylint: enable=consider-using-max-builtin
 
         new_access_token_payload = await add_jwt_to_access_token_payload(
             access_token_payload=new_access_token_payload,
diff --git a/supertokens_python/recipe/session/with_jwt/session_class.py b/supertokens_python/recipe/session/with_jwt/session_class.py
@@ -70,16 +70,16 @@ async def update_access_token_payload(
         if decoded_payload is None or decoded_payload.get("exp") is None:
             raise Exception("Error reading JWT from session")
 
-        jwt_expiry = 1
-        if "exp" in decoded_payload:
-            exp = decoded_payload["exp"]
-            if exp > current_time_in_seconds:
-                # it can come here if someone calls this function well after
-                # the access token and the jwt payload have expired. In this case,
-                # we still want the jwt payload to update, but the resulting JWT should
-                # not be alive for too long (since it's expired already). So we set it to
-                # 1 second lifetime.
-                jwt_expiry = exp - current_time_in_seconds
+        jwt_expiry = decoded_payload.get("exp", 0) - current_time_in_seconds
+        # pylint: disable=consider-using-max-builtin
+        if jwt_expiry < 1:
+            # it can come here if someone calls this function well after
+            # the access token and the jwt payload have expired. In this case,
+            # we still want the jwt payload to update, but the resulting JWT should
+            # not be alive for too long (since it's expired already). So we set it to
+            # 1 second lifetime.
+            jwt_expiry = 1
+        # pylint: enable=consider-using-max-builtin
 
         new_access_token_payload = await add_jwt_to_access_token_payload(
             access_token_payload=new_access_token_payload,
