Add leeway

thunderbird · May 1, 2024 · ea4720e · ea4720e
1 parent 9e202ab
commit ea4720e
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/backend/src/appointment/dependencies/fxa.py b/backend/src/appointment/dependencies/fxa.py
@@ -1,5 +1,6 @@
 import logging
 import os
+import datetime
 
 from fastapi import Request, Depends
 #from jose import jwt, jwk
@@ -48,7 +49,10 @@ def get_webhook_auth(request: Request, fxa_client: FxaClient = Depends(get_fxa_c
         logging.error(f"Error decoding token. Key ID ({headers.get('kid')}) is missing from public list.")
         return None
 
-    decoded_jwt = jwt.decode(header_token, key=jwk_pem, audience=fxa_client.client_id, algorithms='RS256')
+    # Amount of time over what the iat is issued for to allow
+    # We were having millisecond timing issues, so this is set to a few seconds to cover for that.
+    leeway = datetime.timedelta(seconds=5)
+    decoded_jwt = jwt.decode(header_token, key=jwk_pem, audience=fxa_client.client_id, algorithms='RS256', leeway=leeway)
 
     # Final verification
     if decoded_jwt.get('iss') != fxa_client.config.issuer: