20 lines
538 B
Python
20 lines
538 B
Python
from jose import jwt, JWTError
|
|
from ..auth.key_store import get_key_by_kid
|
|
|
|
JWT_ALGORITHM = "HS256"
|
|
|
|
|
|
def decode_jwt(token: str) -> dict | None:
|
|
"""Decode a JWT token using the existing key management system."""
|
|
try:
|
|
headers = jwt.get_unverified_header(token)
|
|
kid = headers.get("kid")
|
|
if not kid:
|
|
return None
|
|
key = get_key_by_kid(kid)
|
|
if not key:
|
|
return None
|
|
return jwt.decode(token, key, algorithms=[JWT_ALGORITHM])
|
|
except JWTError:
|
|
return None
|