0

Is there a way to set the iss claim of the JWT that is generated by create_access_token of Flask-JWT-Extended?

I tried to put the iss claim under the parameter 'user_claims' of the create_access_token:

access_token = create_access_token(
   identity=data['username'],
   expires_delta = timedelta(seconds=JWT_LIFE_SPAN),
   user_claims={'iss': ISSUER}
)

However, when I decoded the token using PyJWT from the side of resource server, it looked like this:

{'iat': 1597581227, 'nbf': 1597581227, 'jti': '4e6c9677-d698-421c-91c4-0b2f3a6da4e9', 'exp': 
1597583027, 'identity': 'asdf', 'fresh': False, 'type': 'access', 'user_claims': {'iss': 
'sample-auth-server'}}

I tried to look for a configuration options from the docs, but I can't find any option to set the iss. There's an iss set, but it is under the user_claims. What I want to accomplish is to set it as one of the registered claims for the JWT.

Community
  • 1
  • 1
Paul
  • 275
  • 1
  • 2
  • 13

1 Answers1

1

I think you can make use of encode_access_token api and create an encoded access code with issuer.

Example:

 encode_access_token(
    identity=data['username'],
    issuer=JWT_ISSUER,
    expires_delta=timedelta(seconds=JWT_LIFE_SPAN),
    ...
 ):

Reference : https://github.com/vimalloc/flask-jwt-extended/blob/5bd8b1ed08ea64d23869a629af3c3c868816b8a8/flask_jwt_extended/tokens.py#L34

Umair Mohammad
  • 4,489
  • 2
  • 20
  • 34
  • The issuer parameter of encode_access_token is not yet in the latest release version 3.24.1 – Paul Aug 17 '20 at 03:32