"credentials: JwtAuthorizationCredentials = Security(refresh_security)" allows only the refresh token.
"credentials: JwtAuthorizationCredentials = Security(access_security)" allows both the access token and the refresh token.
did you intend this?
def __init__(
self,
secret_key: str,
places: Optional[Set[str]] = None,
auto_error: bool = True,
algorithm: str = jwt.ALGORITHMS.HS256,
access_expires_delta: Optional[timedelta] = None,
refresh_expires_delta: Optional[timedelta] = None,
):
super().__init__(
secret_key,
places=places,
auto_error=auto_error,
algorithm=algorithm,
access_expires_delta=access_expires_delta,
refresh_expires_delta=refresh_expires_delta,
)
async def _get_credentials(
self,
bearer: Optional[JwtAuthBase.JwtAccessBearer],
cookie: Optional[JwtAuthBase.JwtAccessCookie],
) -> Optional[JwtAuthorizationCredentials]:
payload = await self._get_payload(bearer, cookie)
if payload:
return JwtAuthorizationCredentials(
payload["subject"], payload.get("jti", None)
)
return None
def __init__(
self,
secret_key: str,
places: Optional[Set[str]] = None,
auto_error: bool = True,
algorithm: str = jwt.ALGORITHMS.HS256,
access_expires_delta: Optional[timedelta] = None,
refresh_expires_delta: Optional[timedelta] = None,
):
super().__init__(
secret_key,
places=places,
auto_error=auto_error,
algorithm=algorithm,
access_expires_delta=access_expires_delta,
refresh_expires_delta=refresh_expires_delta,
)
async def _get_credentials(
self,
bearer: Optional[JwtAuthBase.JwtRefreshBearer],
cookie: Optional[JwtAuthBase.JwtRefreshCookie],
) -> Optional[JwtAuthorizationCredentials]:
payload = await self._get_payload(bearer, cookie)
if payload is None:
return None
if "type" not in payload or payload["type"] != "refresh":
if self.auto_error:
raise HTTPException(
status_code=HTTP_401_UNAUTHORIZED,
detail="Wrong token: 'type' is not 'refresh'",
)
else:
return None
return JwtAuthorizationCredentials(
payload["subject"], payload.get("jti", None)
)