Conversation
RPA flows need to mint and verify bearer tokens for the APIs they drive, but the framework only had HMAC file signing and an ACME-bound RS256 JWS. Add a pure-stdlib HS256/384/512 JWT codec with full claim validation grouped in a ClaimsPolicy (exp/nbf/aud/iss, injectable clock). Safe by default: rejects alg=none, enforces an algorithm allowlist against confusion attacks, and compares signatures with compare_digest. Wired through the facade, AC_jwt_encode/AC_jwt_decode executor commands, MCP tools and the Script Builder.
Up to standards ✅🟢 Issues
|
| Metric | Results |
|---|---|
| Complexity | 61 |
| Duplication | 2 |
NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
RPA flows constantly need to mint/verify bearer tokens for the APIs they drive, but the framework only had HMAC file signing (
action_signing) and an ACME-bound RS256 JWS (acme_v2) — neither produces or validates a compact bearer JWT. This adds a focused, pure-stdlib JWT codec for the HMAC family.encode_jwt(claims, key, *, alg="HS256")— signs a compactheader.payload.signaturetoken (HS256/384/512).decode_jwt(token, key, policy=None, *, now=None)— verifies the signature and validates claims against aClaimsPolicy(exp/nbfwithleeway,audmembership,issmatch), using an injectable clock.ClaimsPolicygroups the validation knobs (algorithms,audience,issuer,leeway,verify_exp,verify_nbf).Security (safe by default): rejects
alg:"none"and any algorithm not in the caller's allowlist (defeats the algorithm-confusion/downgrade attack), and compares signatures withhmac.compare_digest. RS256/ES256 are intentionally out of scope (need a third-party crypto lib). The minted token feeds straight into the existinghttp_request(..., auth={"type":"bearer","token":token}).Pure stdlib (
hmac/hashlib/base64/json); injectablenow; Qt-free.Five-layer wiring
je_auto_control/utils/jwt/__init__.py+__all__AC_jwt_encode,AC_jwt_decode(returns{ok, claims}/{ok:false, error})ac_jwt_encode,ac_jwt_decodeTests & docs
test/unit_test/headless/test_jwt_batch.py(14 tests incl. alg-confusion, allowlist, exp/nbf/aud/iss, leeway, bad-signature)Lint clean: ruff / pylint / bandit / radon (no function CC > 10, ≤5 args). Test keys built at runtime so secret scanners don't trip on literals.