From 75075ee7d14eeec4e5eb82cbfdd7d0564ca936af Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Thu, 21 Nov 2024 20:27:31 +0000
Subject: [PATCH] Verify JWT Decode
---
 .../spiffworkflow_backend/services/authentication_service.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py
index 999715a18..78b88cc2e 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py
@@ -229,8 +229,7 @@ def parse_jwt_token(cls, authentication_identifier: str, token: str) -> dict:
 str(current_app.secret_key),
 algorithms=[SPIFF_GENERATED_JWT_ALGORITHM],
 audience=SPIFF_GENERATED_JWT_AUDIENCE,
- options={"verify_exp": False},
- )
+ options={"verify_exp": True})
 else:
 algorithm = str(header.get("alg"))
 json_key_configs = cls.jwks_public_key_for_key_id(authentication_identifier, key_id)
@@ -479,7 +478,7 @@ def get_auth_token_from_refresh_token(cls, refresh_token: str, authentication_id
 def decode_auth_token(auth_token: str) -> dict[str, str | None]:
 """This is only used for debugging."""
 try:
- payload: dict[str, str | None] = jwt.decode(auth_token, options={"verify_signature": False})
+ payload: dict[str, str | None] = jwt.decode(auth_token, options={"verify_signature": True})
 return payload
 except jwt.ExpiredSignatureError as exception:
 raise TokenExpiredError(
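Review bot: The added line `options={"verify_exp": True})` folds the closing paren onto the keyword-argument line, breaking the one-argument-per-line, trailing-comma layout of the surrounding `jwt.decode(...)` call that the other arguments in the hunk use; a formatter will reopen this. Since `verify_exp` is already PyJWT's default when signature verification is on, the `options` argument can simply be dropped and the original `)` line restored, which also makes it obvious that the spiff-generated-token path now uses the library defaults. Turning expiry checking on is a behavior change for spiff-generated tokens, so any caller that relied on the previous leniency (for example a refresh flow that parses an already-expired token) should be checked; `parse_jwt_token` begins and ends outside this hunk, so I cannot see whether it catches `jwt.ExpiredSignatureError` for this branch.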
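Review bot: The new `jwt.decode(auth_token, options={"verify_signature": True})` in `decode_auth_token` enables signature verification without supplying a `key` or `algorithms`, so with PyJWT 2.x the call raises `jwt.DecodeError` (it requires `algorithms` whenever verification is on) before any token is inspected; the helper can no longer decode anything, verified or not. If the intent is a verified decode, route it through the class method that already holds the key material, e.g. `payload = cls.parse_jwt_token(authentication_identifier, auth_token)`, which means the helper needs `cls` and an `authentication_identifier` parameter rather than being a plain static function; if the intent is to keep an unverified debugging peek, leave `verify_signature` off and make the docstring say the claims are untrusted and must never drive an authorization decision. The `except` chain continues past the end of the hunk, so I cannot see whether `DecodeError` is handled there.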