nrbnlulu / strawberry-django-auth

Authentication system for django using strawberry
https://nrbnlulu.github.io/strawberry-django-auth/
MIT License

Token Payload is JSON serialized #448

Open Synforge opened 1 year ago

Synforge commented 1 year ago

Prerequisites

For more information, see the CONTRIBUTING guide.

Description

Hi all, first of all thanks for creating this!

At the moment it seems like create_token_type JSON serializes the payload when this isn't required since the entire JWT would be serialized.

Though I can override create_token_type, it's fairly non-standard, and most implementations just have the payload as an object, not a string.

Steps to Reproduce

  1. Create a JWT through ObtainJSONWebToken
  2. Decode the JWT and notice that the payload is a string that is JSON serialized. This is fairly non-standard; I haven't seen this in any other JWT.

Expected behavior

I would expect the payload not to be a string and instead be an object containing the fields

Actual behavior

Payload is a string that is JSON serialized

marcindulak commented 1 month ago

I believe this is the code that is being mentioned

https://github.com/nrbnlulu/strawberry-django-auth/blob/65f98d281662159627d824e827d159fb53150819/gqlauth/settings_type.py#L51-L70

used by

https://github.com/nrbnlulu/strawberry-django-auth/blob/65f98d281662159627d824e827d159fb53150819/gqlauth/settings_type.py#L243

This produces a JWT payload part like (note also the unexpected "payload" key)

{"payload":"{\n \"exp\": \"1729992265\",\n \"origIat\": \"1729991965\",\n \"username\": \"admin\"\n}"}

instead of

{"token_type":"access","exp":1729991682,"iat":1729991382,...}
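
Added example, not part of the thread and not the project's code: a stdlib-only check that decodes a token's claims segment, detects the nested form shown above, and shows that a consumer reading `exp` from the top level of the claims set finds nothing there. The function names are hypothetical, the sample tokens are constructed from the values quoted in the comment above, and the signature is a placeholder that is never verified.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def read_claims(token: str) -> dict:
    """Decode the claims segment for inspection only; the signature is NOT verified."""
    _header, payload, _signature = token.split(".")
    claims = json.loads(b64url_decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("claims set is not a JSON object")
    return claims

def is_nested(claims: dict) -> bool:
    """True when the claims are a JSON string wrapped under a 'payload' key."""
    inner = claims.get("payload")
    if not isinstance(inner, str):
        return False
    try:
        return isinstance(json.loads(inner), dict)
    except json.JSONDecodeError:
        return False

def flatten(claims: dict) -> dict:
    """Unwrap the nested form and turn digit-string timestamps into integers."""
    if not is_nested(claims):
        return claims
    inner = json.loads(claims["payload"])
    for key in ("exp", "origIat"):
        if isinstance(inner.get(key), str) and inner[key].isdigit():
            inner[key] = int(inner[key])
    return inner

def make_sample(claims: dict) -> str:
    """Build a constructed sample token; the signature is a placeholder, not a real MAC."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(claims), "c2lnbmF0dXJl"])

# Constructed samples using the values quoted in the comment above.
INNER = {"exp": "1729992265", "origIat": "1729991965", "username": "admin"}
NESTED = make_sample({"payload": json.dumps(INNER, indent=1)})
FLAT = make_sample({"token_type": "access", "exp": 1729991682, "iat": 1729991382})

if __name__ == "__main__":
    for name, token in (("nested", NESTED), ("flat", FLAT)):
        claims = read_claims(token)
        print(name, "exp at top level:", "exp" in claims, "->", flatten(claims))
```
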