sartography · pixeebot · Nov 21, 2024 · pixeebot · Nov 21, 2024
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py
@@ -229,8 +229,7 @@ def parse_jwt_token(cls, authentication_identifier: str, token: str) -> dict:
                 str(current_app.secret_key),
                 algorithms=[SPIFF_GENERATED_JWT_ALGORITHM],
                 audience=SPIFF_GENERATED_JWT_AUDIENCE,
-                options={"verify_exp": False},
-            )
+                options={"verify_exp": True})
         else:
             algorithm = str(header.get("alg"))
             json_key_configs = cls.jwks_public_key_for_key_id(authentication_identifier, key_id)
@@ -479,7 +478,7 @@ def get_auth_token_from_refresh_token(cls, refresh_token: str, authentication_id
     def decode_auth_token(auth_token: str) -> dict[str, str | None]:
         """This is only used for debugging."""
         try:
-            payload: dict[str, str | None] = jwt.decode(auth_token, options={"verify_signature": False})
+            payload: dict[str, str | None] = jwt.decode(auth_token, options={"verify_signature": True})
             return payload
         except jwt.ExpiredSignatureError as exception:
             raise TokenExpiredError(